Press Release | Artificial Intelligence | Cyber Safety

JFrog Security Research Team Discovers Critical Remote Code Execution Vulnerability Hijacking mcp-remote Clients

New Discovery Represents First Full Remote Code Execution (RCE) on Large Language Model (LLM) Client Machines Connecting to Untrusted MCP servers

The JFrog Security Research team has announced its discovery of a critical remote code execution vulnerability in mcp-remote. The vulnerability, CVE-2025-6514 (CVSS score 9.6), can trigger arbitrary OS command execution on the client machine when Model Context Protocol (MCP) clients, such as Claude Desktop, connect to an untrusted MCP server through mcp-remote. A successful attack results in the most severe consequence for the victim: complete system compromise.

“While remote MCP servers are highly effective tools for expanding AI [Artificial Intelligence] capabilities in managed environments, facilitating rapid iteration of code, and helping ensure more reliable delivery of software, MCP users need to be mindful when using them,” said Or Peles, JFrog Senior Security Researcher and Lead on the study. “It’s important that users connect to trusted MCP clients using secure connection methods such as HTTPS. Otherwise, vulnerabilities like CVE-2025-6514 could hijack MCP clients to varying degrees of impact.”

The mcp-remote tool gained popularity in the AI community when remote MCP server implementations began to emerge, enabling LLMs to interact with external data and tools. At a time when most MCP clients still supported only local servers, mcp-remote served as a proxy that let applications limited to local MCP transport via STDIO, such as Claude Desktop, Cursor, and Windsurf, connect to remote MCP servers via HTTP transport.

CVE-2025-6514 (CVSS score 9.6) affects mcp-remote versions 0.0.5 to 0.1.15 and has been fixed in version 0.1.16. The JFrog Security Research Team strongly advises users of the tool to:

  • Upgrade to mcp-remote version 0.1.16 or above immediately
  • Avoid connecting to untrusted or insecure MCP servers
  • Always use HTTPS or other secure protocols for remote MCP transport

For more information and technical details, visit:
https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability.

Martin Dale Bolima
