Sunnyvale, Calif. – July 9, 2025 — Today, the JFrog Security Research team announced its discovery of a critical vulnerability in an mcp-remote server capable of performing remote code execution. The vulnerability, CVE-2025-6514 (CVSS 9.6 score), is capable of triggering arbitrary OS command execution when Model Context Protocol (MCP) clients, such as Claude Desktop, connect to an untrusted MCP server through mcp-remote. A successful attack results in the most severe consequence for the victim: complete system compromise.

“While remote MCP servers are highly effective tools for expanding AI capabilities in managed environments, facilitating rapid iteration of code, and helping ensure more reliable delivery of software, MCP users need to be mindful when using them,” said Or Peles, JFrog Senior Security Researcher and lead on the study. “It’s important that users connect to trusted MCP clients using secure connection methods such as HTTPS. Otherwise, vulnerabilities like CVE-2025-6514 could hijack MCP clients to varying degrees of impact.”

The mcp-remote tool gained popularity in the AI community when remote MCP server implementations began to emerge, enabling LLM models to interact with external data and tools. While most MCP clients still only supported connecting to local servers, this tool enabled applications that previously only supported local MCP transport via STDIO, such as Claude Desktop, Cursor, and Windsurf, to connect with remote MCP servers via HTTP transport by serving as a proxy.

The CVE-2025-6514 (CVSS 9.6 score) vulnerability affects versions 0.0.5 to 0.1.15 of mcp-remote and has been fixed in version 0.1.16. The JFrog Security Research Team strongly advises users of this function to:

• Upgrade to mcp-remote version 0.1.16 or above immediately
• Avoid connecting to untrusted or insecure MCP servers
• Always use HTTPS or other secure protocols for remote MCP transport
  

For more information and technical details, visit:
https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability

About JFrog 

JFrog Ltd. (Nasdaq: FROG) is on a mission to securely power the world with “Liquid Software,” streamlining application delivery from developer to device. Our JFrog Software Supply Chain Platform enables organizations to build, manage, and securely distribute software, ensuring applications are traceable and tamper-proof. Built for advancing the world of AI, our platform aligns ML models with development processes, providing a unified source of truth for Engineering, MLOps, DevOps, and DevSecOps teams. This integration allows faster AI application releases with minimized risks and costs. Additionally, our platform features robust security to identify and remediate threats. Available as both self-hosted and SaaS services, JFrog is trusted by millions, including many Fortune 100 companies, to facilitate secure digital transformation. Discover more at jfrog.com and follow us on X: @jfrog.