N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62800

CVE-2025-62800: FastMCP vulnerable to reflected XSS in client's callback page

Summary

While setting up an oauth client, it was noticed that the callback page hosted by the client during the flow embeds user-controlled content without escaping or sanitizing it. This leads to a reflected Cross-Site-Scripting vulnerability.

Details

The affected code is located in https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/client/oauth_callback.py, which embeds all values passed to the create_callback_html function via the message parameter it into the callback page without escaping them. This can, for example, be abused by calling the callback server with an XSS payload inside the error GET parameter, the value of which will then be inserted into the callback page, causing the execution of attacker-controlled JavaScript code in the callback server's origin. Note that besides the error parameter, other parameters reaching this function are affected too.

PoC

Setup a simple fastmcp client such as this one (the callback server's port was fixated for simplicity):

url="http://127.0.0.1:8000/mcp"
oauth = OAuth(mcp_url=url,callback_port=1337)

async def main():
    async with Client(url, auth=oauth) as client:
        await client.ping()
        
        # List available operations
        tools = await client.list_tools()

        print(f"tools: {tools}")
       
asyncio.run(main())

Ensure that the MCP server located at http://127.0.0.1:8000/mcp supports oauth.
Start the client.
As soon as the callback server has been started, access http://localhost:1337/callback?error=<img/src/onerror=alert(window.origin)>

Note that the exploitation could also for example be initiated by a malicious authorization server by returning the exploitation URL mentioned before in the authorization_endpoint field. The client would then automatically open, causing the XSS to trigger immediatly.

Impact

The impact of this XSS vulnerability is the arbitrary JavaScript execution in the victim's browser in the callback server's origin.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-62800

CVE-2025-62800:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
fastmcp	pip	< 2.13.0	2.13.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a classic reflected Cross-Site Scripting (XSS) issue within the FastMCP client's OAuth callback mechanism. The root cause is the failure to escape user-controlled input before embedding it into the generated HTML page. The analysis of the security patch 2a20f54617a37213ed83894a8c2f0ac38a2e83a3 confirms this. The primary function, create_callback_html, receives parameters from the HTTP request (e.g., the error query parameter) and uses several helper functions from fastmcp.utilities.ui to construct the response. The patch shows that these helper functions (create_info_box, create_page, create_status_message, create_detail_box) were modified to add html.escape() to their inputs. This indicates that they were previously rendering raw HTML, allowing an attacker to inject malicious scripts. Therefore, during exploitation, a profiler would show create_callback_html as the function processing the malicious input and calling the other identified vulnerable functions to render the final payload.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-62800: FastMCP vulnerable to reflected XSS in client's callback page

Summary

Details

PoC

Impact

CVE-2025-62800:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

N/A

N/A

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

CVE-2025-62800: FastMCP vulnerable to reflected XSS in client's callback page

Summary

Details

PoC

Impact

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI