PyPI: fastmcp
CVE-2025-62801
Safety vulnerability ID: SFTY-20251029-13242
Safety legacy ID: pyup.io-80984
Affected versions of the fastmcp package are vulnerable to Command Injection due to improper neutralization of the server_name value when constructing and launching a Windows deep link during the Cursor installer flow. The generate_cursor_deeplink(server_name, …) function embeds server_name directly into a cursor://… query string, which is then executed by open_deeplink() with shell=True on Windows (invoking cmd.exe /c start), allowing command metacharacters such as & or | in server_name to escape the intended command.
Overview
FastMCP vulnerable to Windows command injection in the FastMCP Cursor installer via server_name
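As an added example (not fastmcp's own code), the following Python shows the two controls that close the bug class described in this advisory: rejecting any server_name that contains characters outside a strict allowlist, and opening the resulting deep link without a shell (os.startfile on Windows, an argv list elsewhere) so that metacharacters such as & or | never reach cmd.exe. The function names, the allowlist pattern and the deep-link layout are assumptions made for this illustration, not fastmcp's API.

```python
"""Hardened deep-link construction and launch for an MCP server name.

Added example, not fastmcp's own code: it shows the two controls that close
the bug class in the advisory (strict validation of server_name, and opening
the URL without a shell). Function names, the allowlist pattern and the
deep-link layout are assumptions made for this illustration.
"""
import json
import os
import re
import subprocess
import sys
from urllib.parse import quote

# Allowlist: a server name may only contain letters, digits, '_', '.' and '-'.
# Everything cmd.exe treats specially (& | ^ < > " % ; spaces ...) is rejected.
SERVER_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def validate_server_name(server_name: str) -> str:
    """Return server_name unchanged if it matches the allowlist, else raise."""
    if not isinstance(server_name, str) or not SERVER_NAME_RE.fullmatch(server_name):
        raise ValueError(f"invalid server name: {server_name!r}")
    return server_name


def build_cursor_deeplink(server_name: str, config: dict) -> str:
    """Build a cursor:// install link with every untrusted part percent-encoded.

    The path and query keys below are an assumed layout for this example.
    Validation happens first; percent-encoding is a second, independent layer.
    """
    name = validate_server_name(server_name)
    encoded_config = quote(json.dumps(config, separators=(",", ":")), safe="")
    return (
        "cursor://anysphere.cursor-deeplink/mcp/install"
        f"?name={quote(name, safe='')}&config={encoded_config}"
    )


def open_deeplink(url: str, platform: str = sys.platform, dry_run: bool = False):
    """Open `url` without ever handing it to a shell.

    Returns a description of the launch so callers (and tests) can inspect it;
    with dry_run=True nothing is executed.
    """
    if not url.startswith("cursor://"):
        raise ValueError("refusing to open a non-cursor:// URL")
    if platform.startswith("win"):
        # os.startfile goes through ShellExecute, so cmd.exe never parses the URL
        # and '&' / '|' carry no meaning. This replaces the `cmd.exe /c start <url>`
        # with shell=True pattern that the advisory describes.
        plan = ("os.startfile", url)
        if not dry_run:
            os.startfile(url)  # type: ignore[attr-defined]
    else:
        # argv list, shell=False: the URL is a single argument to the opener.
        opener = "open" if platform == "darwin" else "xdg-open"
        plan = ("subprocess.run", [opener, url])
        if not dry_run:
            subprocess.run([opener, url], check=False)
    return plan


if __name__ == "__main__":
    link = build_cursor_deeplink("demo-server", {"command": "uvx", "args": ["demo"]})
    print(open_deeplink(link, dry_run=True))
    for bad in ("srv&calc", "srv|whoami", "srv;x", 'srv"x'):
        try:
            build_cursor_deeplink(bad, {})
        except ValueError as exc:
            print("rejected:", exc)
```

The allowlist is the control that matters: percent-encoding and a shell-free launcher are defence in depth, but a name that can only contain `[A-Za-z0-9_.-]` has nothing for cmd.exe to misinterpret even if some later code path does go through a shell.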
References
- https://getsafety.com/vulnerabilities/SFTY-20251029-13242/CVE-2025-62801
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62801
- https://github.com/advisories/GHSA-rj5c-58rq-j5g5
- https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5
- https://nvd.nist.gov/vuln/detail/CVE-2025-62801
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
