Cybersecurity experts have identified a significant flaw in the open-source mcp-remote initiative that may lead to the execution of arbitrary operating system (OS) commands.
The flaw, designated as CVE-2025-6514, holds a CVSS rating of 9.6 out of 10.0.
“This flaw permits malicious actors to initiate arbitrary OS command execution on the device operating mcp-remote when it…