Platform
python
Component
fastmcp
Fixed in
3.2.1
3.2.0
CVE-2025-64340 is a command injection vulnerability in fastmcp, the Python framework for building MCP (Model Context Protocol) servers and clients. The flaw sits in the fastmcp install subcommands that register a server with a local AI coding CLI: a server name containing cmd.exe metacharacters leads to arbitrary command execution on Windows at the moment the install command runs. Affected: fastmcp up to and including 3.1.1. Fixed in 3.2.0.
The root cause is a Windows-specific gap in the usual subprocess hardening. fastmcp install claude-code and fastmcp install gemini-cli invoke the target CLI with subprocess.run() and a list argument (shell=False), which on POSIX guarantees that no shell ever parses the arguments. On Windows, however, the claude and gemini CLIs are usually npm-installed and resolve to .cmd wrappers. Windows cannot execute a batch file directly, so it starts cmd.exe to interpret the wrapper, and cmd.exe re-parses the entire command line, arguments included. Characters such as &, |, <, >, ^, % and quotes in the server name are therefore interpreted as shell syntax, and a name of the form name & some-command runs some-command. The injected command executes with the privileges of the developer who ran fastmcp install: it gains a foothold on that workstation and access to whatever source code, API keys, tokens and credentials that user holds, and from there to anything that user can reach.
Public proof-of-concept code demonstrating the vulnerability has been released. The vulnerability is not listed on CISA KEV, and its EPSS score at the time of writing is 0.03% (10th percentile), i.e. low predicted exploitation activity despite the public PoC. It was publicly disclosed on 2026-03-31.
Developers who run fastmcp install claude-code or fastmcp install gemini-cli on Windows are exposed. The server name becomes attacker-controlled whenever it comes from somewhere you do not control: a server file or project pulled from a repository or package index whose declared server name, or the name its README tells you to pass to the install command, contains cmd.exe metacharacters. This is a supply-chain exposure for Windows developer workstations, not a remote service. Linux and macOS users are not affected by this code path, because the CLIs there are not batch wrappers and the list argument is passed to the program unchanged.
How to check whether you are exposed:
• windows / developer workstation: the vulnerable code runs in your own shell when you register a server into Claude Code or Gemini CLI; check the installed version with pip show fastmcp (or fastmcp version) and treat anything at or below 3.1.1 as vulnerable.
• linux / macOS: the .cmd wrapper path does not exist, so the injection does not trigger, but the same version check applies before you move a project to a Windows machine: pip show fastmcp
• generic web: there is no network-exposed fastmcp endpoint to probe for this issue; scanning a server URL tells you nothing about it.
Disclosure
Exploit status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The fix is to upgrade to fastmcp 3.2.0 or later. There is no network hop to filter, so a web application firewall is not a workaround. If you cannot upgrade immediately: do not run fastmcp install claude-code or fastmcp install gemini-cli on Windows with a server name you did not choose yourself; restrict names to letters, digits, dots, underscores and hyphens; and inspect the name (and any README-supplied install command) for &, |, <, >, ^, %, ! or quotes before running it. Review existing install scripts and project templates for any place where a server name is taken from untrusted input. After upgrading, confirm the fix with a harmless test: register a server whose name contains a metacharacter followed by a benign command, for example echo, and verify that the echo never runs and that the name is either rejected or passed through literally.
Update FastMCP to version 3.2.0 or later. This fixes the command injection vulnerability. You can update with the pip package manager: `pip install --upgrade fastmcp`.
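The mechanism described above (a list argv that is still re-parsed by cmd.exe when the target is a .cmd wrapper) and the allowlist check recommended in the mitigation, as one added example. This is illustrative code written for this page, not fastmcp's own implementation: the `mcp add` subcommand layout, the Windows path of the Claude Code wrapper and the allowlist pattern are assumptions, and the hostile name `demo & whoami` is a constructed test value.

```python
import re
import shutil
import subprocess

# Characters cmd.exe treats specially when it re-parses the command line of a
# .cmd/.bat script: separators, redirection, escape, variable expansion, quotes
# and line breaks.
CMD_METACHARACTERS = frozenset('&|<>^%!"\r\n')

# Allowlist for an MCP server name: starts alphanumeric, then letters, digits,
# dot, underscore or hyphen, at most 64 characters.  Assumed policy for this
# example, not fastmcp's own rule.
SAFE_SERVER_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def runs_through_cmd_exe(executable: str) -> bool:
    """Windows cannot start a batch file directly; it launches cmd.exe to
    interpret it, so a .cmd/.bat target means every argument is re-parsed."""
    return executable.lower().endswith((".cmd", ".bat"))


def argv_is_shell_safe(argv: list[str]) -> bool:
    """A list argv is shell-free only when argv[0] is a native executable.
    For a batch wrapper, any metacharacter in any later element is live."""
    if not runs_through_cmd_exe(argv[0]):
        return True
    return not any(CMD_METACHARACTERS & set(arg) for arg in argv[1:])


def build_install_argv_unsafe(cli: str, server_name: str, server_cmd: str) -> list[str]:
    """The pattern the advisory describes: list argv, no validation of the
    name.  The subcommand layout is assumed for illustration."""
    return [cli, "mcp", "add", server_name, server_cmd]


def validate_server_name(server_name: str) -> str:
    """Reject anything outside the allowlist before it reaches subprocess."""
    if not SAFE_SERVER_NAME.fullmatch(server_name):
        raise ValueError(f"unsafe MCP server name: {server_name!r}")
    return server_name


def build_install_argv_safe(cli: str, server_name: str, server_cmd: str) -> list[str]:
    """Hardened version: validate on every platform, so a .cmd wrapper on
    Windows can never see a metacharacter in the name."""
    return [cli, "mcp", "add", validate_server_name(server_name), server_cmd]


def register_server(cli_name: str, server_name: str, server_cmd: str, dry_run: bool = True):
    """Resolve the CLI the way subprocess would, build the hardened argv and,
    unless dry_run, run it with shell=False (the default)."""
    exe = shutil.which(cli_name) or cli_name
    argv = build_install_argv_safe(exe, server_name, server_cmd)
    if dry_run:
        return argv
    return subprocess.run(argv, check=True)


if __name__ == "__main__":
    # Constructed Windows path of an npm-installed Claude Code wrapper.
    claude_cmd = r"C:\Users\dev\AppData\Roaming\npm\claude.cmd"
    hostile = "demo & whoami"  # constructed name carrying a cmd.exe separator
    unsafe = build_install_argv_unsafe(claude_cmd, hostile, "python server.py")
    print("list argv, but re-parsed by cmd.exe:", not argv_is_shell_safe(unsafe))
    try:
        build_install_argv_safe(claude_cmd, hostile, "python server.py")
    except ValueError as exc:
        print("hardened builder rejected it:", exc)
    print(register_server("claude", "my-server", "python server.py"))
```

`argv_is_shell_safe` is the check to run in a review or a pre-upgrade audit script: the same argv that is safe against `/usr/local/bin/claude` is unsafe against `claude.cmd`. The allowlist in `validate_server_name` is deliberately stricter than "no metacharacters", because an allowlist does not have to keep up with every cmd.exe quirk; escaping arguments for cmd.exe correctly is notoriously hard, so rejecting the name is the safer fix.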
CVE-2025-64340 is a command injection vulnerability affecting fastmcp versions up to and including 3.1.1. A crafted server name lets an attacker execute arbitrary commands on a Windows machine when fastmcp install registers that server with Claude Code or Gemini CLI.
You are affected if you use fastmcp 3.1.1 or earlier and run fastmcp install claude-code or fastmcp install gemini-cli on Windows. Check the installed version with pip show fastmcp and upgrade accordingly.
Upgrade to fastmcp 3.2.0 or later. Until then, do not register servers on Windows under names you did not choose yourself, and reject names containing cmd.exe metacharacters (&, |, <, >, ^, %, !, quotes).
Public proof-of-concept code is available, suggesting a potential for active exploitation. Monitor your systems for suspicious activity.
Refer to the fastmcp project's official channels (e.g., GitHub repository, mailing list) for the latest advisory and updates.