Security Advisory
CVE-2025-58062
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
LSTM-Kirigayas openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.