CVE-2025-10619
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary operating system commands via command injection in the OAuth Server Discovery component of sequa-ai sequa-mcp. It affects users running versions up to 1.0.13 who use the software with non-sequa URLs. The vulnerability is remotely exploitable and public exploits exist.
💻 Affected Systems
- sequa-ai sequa-mcp
⚠️ Manual Verification Required
Automated version matching may not work for this CVE because the database entry (NVD) does not carry a machine-readable affected-version range, so a scanner cannot decide from version data alone whether your install is affected.
Why? The vendor commit referenced below is the only version signal: it lands in 1.0.14, so treat 1.0.13 and earlier as affected and check the installed version by hand (see How to Verify).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the host running sequa-mcp: an attacker executes arbitrary commands with the privileges of the sequa-mcp process (typically the developer's own user account, since the tool runs locally alongside an MCP client), which can lead to data theft, credential and token theft, system takeover, or lateral movement.
Likely Case
Remote code execution leading to unauthorized access, data exfiltration, or deployment of malware/backdoors on affected systems.
If Mitigated
No impact if proper URL validation is implemented or if only sequa URLs are used as intended by the vendor.
🎯 Exploit Status
Public exploit details are available in the provided references. Remote exploitation is possible without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.14
Vendor Advisory: https://github.com/sequa-ai/sequa-mcp/commit/e569815854166db5f71c2e722408f8957fb9e804
Restart Required: Yes, for any sequa-mcp process that is already running. Node.js loads modules at startup, so a process started before the update keeps executing the vulnerable code until it is restarted.
Instructions:
1. Update sequa-mcp to version 1.0.14 or later (for example, npm update sequa-mcp, or npm install sequa-mcp@latest if your package.json pins a range that excludes 1.0.14).
2. Verify the patch is applied by checking the installed version (npm list sequa-mcp should report 1.0.14 or later).
3. Restart every running sequa-mcp process, including any instance spawned by an MCP client, so the updated module is actually loaded.
🔧 Temporary Workarounds
Restrict URL Usage
Configure the application to use only sequa URLs, as intended by the vendor, and do not point the OAuth Server Discovery component at third-party or user-supplied URLs. The injection is only reachable through a non-sequa URL, so removing that input removes the exposure until you can patch.
🧯 If You Can't Patch
- Restrict where the tool can reach: only connect sequa-mcp to the vendor's own MCP/OAuth endpoints, and use host-level egress controls to block the sequa-mcp process from contacting any other server, since the vulnerable component is only reached through a non-sequa URL.
- Monitor the node process running sequa-mcp for child shells (sh, bash, cmd.exe, powershell.exe) and for outbound connections to hosts outside the vendor's domain.
🔍 How to Verify
Check if Vulnerable:
Check package.json (or package-lock.json, which records the resolved version) or run npm list sequa-mcp; an installed version of 1.0.13 or earlier is vulnerable.
Check Version:
npm list sequa-mcp | grep sequa-mcp
Verify Fix Applied:
Confirm the installed version is 1.0.14 or later using npm list sequa-mcp. If you run sequa-mcp from a source checkout rather than the npm package, confirm with git log that commit e569815854166db5f71c2e722408f8957fb9e804 is in the history of the revision you deploy.
📡 Detection & Monitoring
Log Indicators:
- A shell (sh, bash, cmd.exe, powershell.exe) or other unexpected binary spawned as a child of the node process running sequa-mcp
- OAuth Server Discovery being pointed at non-sequa URLs in application logs or MCP client configuration
- Error messages related to OAuth Server Discovery failures, which can indicate a malformed or crafted discovery URL
Network Indicators:
- Unexpected outbound connections from the sequa-mcp process
- HTTP requests to suspicious URLs from the OAuth component
SIEM Query:
Illustrative ECS-style query for a shell spawned by the sequa-mcp node process (adjust field names and the vendor domain to your SIEM's schema):
process.parent.name:"node" AND process.parent.args:*sequa-mcp* AND process.name:("sh" OR "bash" OR "dash" OR "zsh" OR "cmd.exe" OR "powershell.exe")
Companion network query, flagging connections from that process to anything other than the vendor's domain (substitute the real domain for sequa_domain):
process.name:"node" AND process.args:*sequa-mcp* AND NOT destination.domain:*sequa_domain*
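The same two detections expressed as code, as an added example that is not part of the advisory or of sequa-ai's project: the logic sketched by the SIEM queries is run over constructed ECS-style process and network events (not real telemetry). The shell list, the field layout and the allowed domain sequa.ai are assumptions for illustration.

```javascript
// Added example (not from the advisory): detection logic for command injection in sequa-mcp,
// run over constructed ECS-style events.
const SHELL_NAMES = new Set(["sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"]);
const ALLOWED_DOMAINS = ["sequa.ai"]; // assumed vendor domain; adjust to your deployment

// Is this process record a node process running sequa-mcp?
function isSequaMcpNode(proc) {
  if (!proc || proc.name !== "node") return false;
  return (proc.args || []).some((a) => a.includes("sequa-mcp"));
}

// Rule 1: OS command injection shows up as a shell spawned by the injured process.
function shellChildOfSequaMcp(evt) {
  return (
    evt.event.category === "process" &&
    isSequaMcpNode(evt.process.parent) &&
    SHELL_NAMES.has(evt.process.name)
  );
}

// Rule 2: the discovery step should only talk to the vendor; any other destination is suspicious.
function offAllowlistConnection(evt, allowed = ALLOWED_DOMAINS) {
  if (evt.event.category !== "network" || !isSequaMcpNode(evt.process)) return false;
  const dst = (evt.destination && evt.destination.domain) || "";
  return !allowed.some((d) => dst === d || dst.endsWith("." + d));
}

// Apply both rules and return one hit per matching event.
function scan(events, allowed = ALLOWED_DOMAINS) {
  const hits = [];
  for (const evt of events) {
    if (shellChildOfSequaMcp(evt)) {
      hits.push({ id: evt.event.id, rule: "shell-child-of-sequa-mcp" });
    } else if (offAllowlistConnection(evt, allowed)) {
      hits.push({ id: evt.event.id, rule: "off-allowlist-destination" });
    }
  }
  return hits;
}

// Constructed sample events (made up for this example, not captured telemetry).
const SEQUA_NODE = { name: "node", args: ["node", "/usr/lib/node_modules/sequa-mcp/dist/index.js"] };
const SAMPLE_EVENTS = [
  // e1: sequa-mcp starting up under an interactive shell; benign.
  { event: { id: "e1", category: "process" }, process: { ...SEQUA_NODE, parent: { name: "bash", args: ["bash"] } } },
  // e2: sequa-mcp talking to a vendor subdomain; benign.
  { event: { id: "e2", category: "network" }, process: SEQUA_NODE, destination: { domain: "api.sequa.ai" } },
  // e3: sequa-mcp talking to an attacker-controlled host; hit.
  { event: { id: "e3", category: "network" }, process: SEQUA_NODE, destination: { domain: "attacker.example" } },
  // e4: a shell spawned by sequa-mcp with an injected command; hit.
  { event: { id: "e4", category: "process" },
    process: { name: "sh", args: ["sh", "-c", "xdg-open https://attacker.example/;id"], parent: SEQUA_NODE } },
  // e5: a shell spawned by an unrelated node build script; benign.
  { event: { id: "e5", category: "process" },
    process: { name: "sh", args: ["sh", "-c", "ls"], parent: { name: "node", args: ["node", "build.js"] } } },
];

console.log(scan(SAMPLE_EVENTS));
```

Rule 1 is the higher-confidence signal: a legitimate sequa-mcp run has no reason to spawn a shell, whereas Rule 2 depends on how complete your domain allowlist is and will need tuning for proxies or CDN hostnames.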
🔗 References
- https://github.com/sequa-ai/sequa-mcp/commit/e569815854166db5f71c2e722408f8957fb9e804
- https://lavender-bicycle-a5a.notion.site/Sequa-MCP-RCE-26853a41781f807da1c0cd158f9e3e1a?source=copy_link
- https://vuldb.com/?ctiid.324646
- https://vuldb.com/?id.324646
- https://vuldb.com/?submit.650189