PyPI: fastmcp
CVE-2025-64340
Safety vulnerability ID: SFTY-20260331-05667
Safety legacy ID: pyup.io-91320
Overview
FastMCP has a Command Injection vulnerability - Gemini CLI
Advisory
Affected versions of the fastmcp package are vulnerable to Command Injection due to improper neutralization of shell metacharacters in MCP server names. The fastmcp install claude-code and fastmcp install gemini-cli installation paths place the server name in the argument list handed to subprocess.run(). On Windows, subprocess flattens that list into a single command string, and if the target CLI resolves to a .cmd wrapper, that string is executed through cmd.exe, which interprets metacharacters such as & as command separators. A server name containing such characters can therefore cause additional commands to run with the privileges of the user invoking fastmcp. The cmd.exe re-parsing step does not occur on POSIX hosts, where subprocess.run() with an argument list executes the target directly.
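The following added example is not fastmcp's code and does not reproduce the fix in the referenced pull request; it reconstructs the pattern the advisory describes. It assumes the install path builds an argument list of the form `[cli, "mcp", "add", server_name, command]` (a hypothetical shape) and that the CLI is an npm-installed tool that lands on Windows as a .cmd shim. `subprocess.list2cmdline()` is the same routine subprocess uses to flatten an argv list on Windows, so the flattened string can be inspected on any platform without running anything.

```python
import re
import shutil
import subprocess
from typing import Optional

# Allowlist for MCP server names passed to external CLIs. This is the
# hardening chosen for this example, not necessarily the project's fix.
SERVER_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def flatten_for_windows(argv: list[str]) -> str:
    """Return the single command string Windows CreateProcess would receive.

    On Windows subprocess.run() joins the argv list with list2cmdline(), which
    only quotes arguments containing spaces, tabs or double quotes. It does
    nothing for cmd.exe metacharacters (& | < > ^), so when the target is a
    .cmd/.bat wrapper, cmd.exe re-parses the string and honours them.
    """
    return subprocess.list2cmdline(argv)


def is_cmd_wrapper(executable: Optional[str]) -> bool:
    """True when a resolved executable is a batch wrapper executed via cmd.exe."""
    return bool(executable) and executable.lower().endswith((".cmd", ".bat"))


def is_safe_server_name(name: str) -> bool:
    """Reject anything outside a conservative character set."""
    return SERVER_NAME_RE.fullmatch(name) is not None


def vulnerable_install_argv(cli: str, server_name: str, command: str) -> list[str]:
    """Pre-fix pattern (reconstructed): the name goes into argv unvalidated."""
    return [cli, "mcp", "add", server_name, command]


def hardened_install_argv(cli: str, server_name: str, command: str) -> list[str]:
    """Hardened pattern: validate before the name can reach subprocess."""
    if not is_safe_server_name(server_name):
        raise ValueError(f"unsafe MCP server name: {server_name!r}")
    return [cli, "mcp", "add", server_name, command]


def run_install(cli: str, server_name: str, command: str, dry_run: bool = True) -> list[str]:
    """Build the hardened argv and refuse to drive a cmd.exe wrapper with it.

    Even a validated name is only as safe as the allowlist; refusing .cmd/.bat
    targets removes the cmd.exe re-parsing step entirely. With dry_run=True the
    command is not executed, only returned.
    """
    argv = hardened_install_argv(cli, server_name, command)
    resolved = shutil.which(cli)  # None if the CLI is not installed
    if is_cmd_wrapper(resolved):
        raise RuntimeError(f"{resolved} is a cmd.exe wrapper; refusing to pass arguments through cmd.exe")
    if not dry_run:
        subprocess.run(argv, check=True)  # argv list, shell=False
    return argv


if __name__ == "__main__":
    # Constructed malicious server name: '&' separates commands for cmd.exe.
    evil = "demo&calc"
    argv = vulnerable_install_argv("gemini", evil, "python server.py")
    print("flattened:", flatten_for_windows(argv))
    try:
        hardened_install_argv("gemini", evil, "python server.py")
    except ValueError as exc:
        print("rejected:", exc)
```

Running the demonstration prints `gemini mcp add demo&calc "python server.py"`: the space-containing command is quoted, the `&` is not, so a .cmd target would have cmd.exe run `calc "python server.py"` after `gemini mcp add demo`.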
How to Fix
Upgrade to a fastmcp release that includes the fix merged in https://github.com/PrefectHQ/fastmcp/pull/3522 (listed under References).
Mitigation and Workarounds
Until upgraded, do not pass untrusted or user-controlled server names to fastmcp install claude-code or fastmcp install gemini-cli, particularly on Windows hosts where the target CLI is installed as a .cmd wrapper. Restrict server names to letters, digits, '-', '_' and '.' before invoking the installer.
References
- https://getsafety.com/vulnerabilities/SFTY-20260331-05667/CVE-2025-64340
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64340
- https://data.safetycli.com/changelogs/fastmcp/
- https://github.com/advisories/GHSA-m8x7-r2rg-vh5g
- https://pypi.org/project/fastmcp
- https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-m8x7-r2rg-vh5g
- https://github.com/jlowin/fastmcp/security/advisories/GHSA-m8x7-r2rg-vh5g
- https://github.com/PrefectHQ/fastmcp/pull/3522
- https://nvd.nist.gov/vuln/detail/CVE-2025-64340
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
