CVE-2025-62801: 
Model Context Protocol 취약성 분석 및 완화

FastMCP, a standard framework for building MCP applications, was found to contain a command-injection vulnerability in versions prior to 2.13.0. The vulnerability was discovered and disclosed on October 28, 2025, affecting Windows systems running the FastMCP Cursor installer (GitHub Advisory).

The vulnerability stems from improper neutralization of special elements used in OS commands (CWE-78). Specifically, the generatecursordeeplink() function embeds the servername parameter directly into a cursor://...?name= query string without proper sanitization. On Windows systems, the opendeeplink() function is called with shell=True, which invokes cmd.exe /c start. Any cmd metacharacter inside server_name (&, |, >, ^) can escape the start command and execute arbitrary processes. The vulnerability has been assigned a CVSS score of 5.4 (Moderate), with local attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory).

The vulnerability affects all Windows hosts that run fastmcp install cursor, including developers' local workstations, CI/CD agents, and corporate build machines. When exploited, it allows attackers to execute arbitrary OS commands on the affected Windows systems, potentially compromising system security (GitHub Advisory).

Users are advised to upgrade to FastMCP version 2.13.0 or later, which contains the fix for this vulnerability (GitHub Advisory).