Security Advisory

CVE-2025-58062

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-28 22:14:01
Last updated 2025-08-29 13:24:44
Assigner GitHub_M
State PUBLISHED

Description

LSTM-Kirigayas openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.