CVE-2025-62800

CVSS 6.1 MEDIUM

📋 TL;DR

FastMCP versions before 2.13.0 have a reflected cross-site scripting (XSS) vulnerability in the OAuth client callback page (oauth_callback.py). Values taken from the callback request's query string are written into the HTML response without escaping, so an attacker who gets a user to open a crafted callback URL can run JavaScript in the origin of the callback server that FastMCP's OAuth client starts locally to receive the authorization redirect. Only applications that use FastMCP's OAuth client functionality are affected.
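The bug class in miniature, as an added illustration that is not FastMCP's own code: a callback page that interpolates query values straight into HTML beside the same page with every reflected value escaped. The payload and URL are constructed; the `error` and `error_description` names are the standard OAuth 2.0 error-response parameters, and it is an assumption here that these are the values the page reflects.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed payload and crafted URL for illustration. The parameter names
# are the standard OAuth 2.0 error-response parameters (RFC 6749 4.1.2.1);
# that FastMCP's page reflects exactly these two is an assumption.
PAYLOAD = "<script>alert(document.domain)</script>"
CRAFTED_URL = "http://localhost:8080/callback?" + urlencode(
    {"error": "access_denied", "error_description": PAYLOAD}
)


def params_from_url(url: str) -> dict:
    """Return the first value of each query parameter, as a callback handler would."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_vulnerable(params: dict) -> str:
    """The bug class: request values interpolated straight into the HTML response."""
    error = params.get("error", "")
    description = params.get("error_description", "")
    return (
        "<html><body>"
        f"<h1>Authorization failed: {error}</h1>"
        f"<p>{description}</p>"
        "</body></html>"
    )


def render_fixed(params: dict) -> str:
    """Same page with every reflected value HTML-escaped. quote=True also
    escapes " and ', so the values are safe inside attributes as well."""
    error = html.escape(params.get("error", ""), quote=True)
    description = html.escape(params.get("error_description", ""), quote=True)
    return (
        "<html><body>"
        f"<h1>Authorization failed: {error}</h1>"
        f"<p>{description}</p>"
        "</body></html>"
    )


def reflects_unescaped(body: str, payload: str) -> bool:
    """True if the raw payload appears in the response, i.e. the browser would parse it as markup."""
    return payload in body


if __name__ == "__main__":
    params = params_from_url(CRAFTED_URL)
    print("crafted URL:", CRAFTED_URL)
    print("vulnerable page reflects payload:", reflects_unescaped(render_vulnerable(params), PAYLOAD))
    print("fixed page reflects payload:     ", reflects_unescaped(render_fixed(params), PAYLOAD))
```

Escaping is the right fix for text and attribute context; a reflected value that ends up in an href still needs a scheme allowlist (http/https), since `javascript:` survives HTML escaping untouched.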

💻 Affected Systems

Products:
  • FastMCP
Versions: All versions prior to 2.13.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes (nothing extra has to be enabled once the OAuth client is in use)
Notes: Only affects applications that use FastMCP's OAuth client callback functionality. The vulnerability is in the oauth_callback.py component, which serves the page the browser lands on after the authorization redirect.

📦 What is this software?

FastMCP is a Python framework for building Model Context Protocol (MCP) servers and clients. Its client side includes an OAuth flow that starts a local HTTP callback server to receive the authorization redirect; that callback page is where this issue lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Script running in the callback server's origin can read whatever that origin exposes to the browser, including OAuth parameters such as an authorization code or state carried in a callback URL, redirect the user to an attacker-controlled site, or replace the page with a convincing fake error or login prompt, potentially leading to account compromise and data theft.

🟠 Likely Case

An attacker sends the victim a link to the local callback URL with a script payload in one of the reflected parameters. If a FastMCP OAuth client is listening for its callback when the link is opened, the script runs in that origin, where it can capture callback parameters (for example an authorization code) or phish the user.

🟢 If Mitigated

On 2.13.0 or later the callback page escapes reflected values before writing them into the response, so a payload is rendered as text and nothing executes. That removes this issue only; any custom page or template that reflects request data in the same way still needs the same treatment.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: Yes (no credentials are needed, but the victim must open the crafted link)
Complexity: MEDIUM

Exploitation requires getting a user to open a crafted callback URL (via a link or a redirect) while a FastMCP OAuth client is listening for its callback. The issue is reflected XSS: the payload travels in the URL, is echoed unescaped in the response, and executes client-side in the victim's browser, so no server-side foothold is gained directly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.13.0

Vendor Advisory: https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc

Restart Required: Yes, for any running process that already imported the old version; upgrading the package on disk does not change code loaded into a live interpreter.

Instructions:

1. Update FastMCP to 2.13.0 or later: pip install "fastmcp>=2.13.0" (quote the specifier so the shell does not treat > as a redirect).
2. Verify the installed version: pip show fastmcp | grep Version, or python -c "import importlib.metadata as m; print(m.version('fastmcp'))".
3. Restart any long-running process that had the old version imported so the patched module is actually loaded.

🔧 Temporary Workarounds

Input Validation and Output Encoding (applies to all affected versions)

If you cannot upgrade, make sure every request-derived value the callback page writes into its response is HTML-escaped first (in Python, html.escape with quote=True), and allow only http or https link targets so a reflected value cannot become a javascript: URL. Because the handler lives inside the library's oauth_callback.py, this means patching or vendoring that module; upgrading to 2.13.0 is the simpler and safer route.

🧯 If You Can't Patch

  • Put a web application firewall (WAF) with XSS rules in front of the callback endpoint where it is actually reachable through one; a loopback callback listener usually is not, and signature rules miss encoded or obfuscated payloads, so treat this as defence in depth only.
  • Disable the OAuth client callback functionality where it is not required, and keep the callback listener reachable only from the local machine.

🔍 How to Verify

Check if Vulnerable:

Check if FastMCP version is below 2.13.0 by examining the installed package version.

Check Version:

pip show fastmcp | grep Version

Verify Fix Applied:

Confirm the installed version is 2.13.0 or higher, then request the callback page with a harmless marker such as <b>x</b> in a reflected parameter and check that the response contains the escaped form (&lt;b&gt;x&lt;/b&gt;) rather than the raw tag.
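A self-contained checker for both steps, added here as an example rather than taken from the project: it reads the installed fastmcp version without third-party packaging libraries and optionally probes a running callback listener for raw reflection. The probe assumes the page listens at `<base_url>/callback` and reflects the OAuth `error`/`error_description` parameters; the payload is a constructed, benign marker. Only point the probe at a listener you operate.

```python
import re
import sys
from importlib import metadata
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

FIXED_VERSION = (2, 13, 0)
# Constructed probe payload; a benign marker is enough to show reflection.
PAYLOAD = "<script>alert(document.domain)</script>"


def parse_version(text: str):
    """Split 'MAJOR.MINOR[.PATCH][suffix]' into a numeric tuple and a pre-release flag.

    Deliberately minimal so the script needs no third-party packaging library.
    """
    match = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(.*)$", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = match.groups()
    base = (int(major), int(minor), int(patch or 0))
    is_prerelease = bool(re.match(r"^(a|b|rc|\.?dev)\d*", suffix))
    return base, is_prerelease


def version_is_vulnerable(text: str) -> bool:
    """True for anything below 2.13.0. Pre-releases of 2.13.0 (e.g. 2.13.0rc1)
    sort below the final release and are conservatively treated as unfixed."""
    base, is_prerelease = parse_version(text)
    if base < FIXED_VERSION:
        return True
    return base == FIXED_VERSION and is_prerelease


def installed_fastmcp_version():
    """Version string of the fastmcp distribution in this interpreter, or None."""
    try:
        return metadata.version("fastmcp")
    except metadata.PackageNotFoundError:
        return None


def probe_callback(base_url: str, timeout: float = 5.0) -> bool:
    """Send the payload to a callback server and report whether it comes back raw.

    Assumption: the page is served at <base_url>/callback and reflects the
    OAuth error parameters. Returns True if the unescaped payload is present.
    """
    url = base_url.rstrip("/") + "/callback?" + urlencode(
        {"error": "access_denied", "error_description": PAYLOAD}
    )
    try:
        with urlopen(Request(url), timeout=timeout) as response:
            body = response.read().decode("utf-8", "replace")
    except HTTPError as err:  # an error status can still carry a reflecting page
        body = err.read().decode("utf-8", "replace")
    return PAYLOAD in body


if __name__ == "__main__":
    version = installed_fastmcp_version()
    if version is None:
        print("fastmcp is not installed in this interpreter")
    else:
        state = "VULNERABLE" if version_is_vulnerable(version) else "fixed"
        print(f"fastmcp {version}: {state} (fixed in 2.13.0)")
    if len(sys.argv) > 1:  # optional: python check.py http://127.0.0.1:PORT
        print("callback page reflects raw payload:", probe_callback(sys.argv[1]))
```

Run it inside the same virtual environment as the application; a version reported by a different interpreter says nothing about the one that actually serves the callback.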

📡 Detection & Monitoring

Log Indicators:

  • OAuth callback requests carrying angle brackets, javascript: or event-handler attributes (onerror=, onload=) in query parameters, in raw or percent-encoded form
  • Callback requests that do not arrive via the identity provider's redirect (no matching authorization flow in progress, or a Referer that is not the provider's authorization endpoint), which is how a directly opened crafted link looks

Network Indicators:

  • HTTP requests to OAuth callback endpoints containing script tags or JavaScript code in URL parameters

SIEM Query:

source="web_server" AND url="*callback*" AND (url="*<script*" OR url="*%3Cscript*" OR url="*javascript:*" OR url="*onerror=*" OR url="*onload=*")

Match the percent-encoded forms as well: browsers encode < and > in query strings, so a crafted link normally reaches the server as %3Cscript, and a query for the literal form alone misses it.
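The same detection logic as the query, run over access log lines, added here as an example that is not from the page or the project. It percent-decodes the request target (bounded, so double-encoded payloads are caught too) before matching, which is what the literal `*<script*` pattern cannot do. The log lines are constructed; the `/callback` route is an assumption, and the path pattern is a parameter so it can be changed.

```python
import re
from urllib.parse import unquote

# Constructed combined-format access log lines for a local callback listener.
# Line 2 carries a percent-encoded <script> tag, line 3 a double-encoded
# <img onerror>; neither contains the literal "<script" a naive match needs.
SAMPLE_LOG = """\
127.0.0.1 - - [10/Nov/2025:10:15:01 +0000] "GET /callback?code=abc123&state=xyz HTTP/1.1" 200 512
127.0.0.1 - - [10/Nov/2025:10:15:07 +0000] "GET /callback?error=access_denied&error_description=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
127.0.0.1 - - [10/Nov/2025:10:15:09 +0000] "GET /callback?error=x&error_description=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 640
127.0.0.1 - - [10/Nov/2025:10:16:00 +0000] "GET /static/app.js HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Markers that never belong in a legitimate OAuth redirect.
XSS_RE = re.compile(
    r"<\s*script|javascript\s*:|<\s*(?:img|svg|iframe|body|object)\b|\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def normalise(target: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so encoded and double-encoded payloads match."""
    current = target
    for _ in range(rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def parse_line(line: str):
    """Parse one access log line into a dict, or None if it does not match the format."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def flag_callback_xss(lines, path_pattern: str = r"/callback\b"):
    """Return parsed records whose path matches the callback route and whose
    decoded request target contains an XSS marker."""
    path_re = re.compile(path_pattern)
    hits = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        decoded = normalise(record["target"])
        path = decoded.split("?", 1)[0]
        if path_re.search(path) and XSS_RE.search(decoded):
            record["decoded_target"] = decoded
            hits.append(record)
    return hits


if __name__ == "__main__":
    for hit in flag_callback_xss(SAMPLE_LOG.splitlines()):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["decoded_target"]}')
```

Expect some noise from scanners that spray XSS probes at every path; the useful signal is a hit on the callback route that coincides with an authorization flow a real user was running.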

🔗 References

  • GHSA-mxxr-jv3v-6pgc: https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc