Medium severity5.6NVD Advisory· Published Aug 20, 2025· Updated Apr 29, 2026

CVE-2025-9262

Description

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
@wong2/mcp-clinpm	<= 1.13.0	—

Affected products

Wong2/Mcp Cli
cpe:2.3:a:wong2:mcp-cli:1.13.0:*:*:*:*:*:*:*

Patches

35629664cc5d

fix(auth): sanitize authorization URL (#16)

https://github.com/wong2/mcp-cli2h0ngAug 7, 2025via ghsa

commit

2 files changed · +4 −2

package.json+2 −1 modified

@@ -30,6 +30,7 @@
     "prompts": "^2.4.2",
     "uri-template": "^2.0.0",
     "yocto-spinner": "^0.2.2",
-    "yoctocolors": "^2.1.1"
+    "yoctocolors": "^2.1.1",
+    "strict-url-sanitise": "^0.0.1"
   }
 }

src/oauth/provider.js+2 −1 modified

@@ -2,6 +2,7 @@
 
 import open from 'open'
 import { config } from '../config.js'
+import { sanitizeUrl } from 'strict-url-sanitise'
 
 /** @typedef {import("@modelcontextprotocol/sdk/client/auth.js").OAuthClientProvider} OAuthClientProvider */
 /** @implements {OAuthClientProvider} */
@@ -39,7 +40,7 @@ export class McpOAuthClientProvider {
   }
 
   async redirectToAuthorization(authorizationUrl) {
-    await open(authorizationUrl.toString())
+    await open(sanitizeUrl(authorizationUrl.toString()))
   }
 
   async codeVerifier() {

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

gist.github.com/superboy-zjc/a01bd059c4078249d899f8c70c8feb0envdExploitThird Party AdvisoryWEB
gist.github.com/superboy-zjc/a01bd059c4078249d899f8c70c8feb0envdExploitThird Party AdvisoryWEB
github.com/advisories/GHSA-p6rm-483j-37jfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-9262ghsaADVISORY
vuldb.comnvdThird Party AdvisoryVDB EntryWEB
vuldb.comnvdThird Party AdvisoryVDB EntryWEB
github.com/wong2/mcp-cli/commit/35629664cc5d3aea4c3d083d075fe26e7c346b59ghsaWEB
github.com/wong2/mcp-cli/pull/16ghsaWEB
vuldb.comnvdPermissions RequiredVDB EntryWEB

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

5.6/ 10

CVSS v42.9

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Network
Complexity: High
Privileges: None
User interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

Probability of exploitation in the next 30 days.

0.56%

VYPR risk score

Composite of severity, exploitation, and reach.

0.29low

cvss	0.364
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000

Weaknesses

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE ID

CVE-2025-9262

Source code

github.com/wong2/mcp-cli