CVE-2025-62800
FastMCP vulnerable to reflected XSS in client's callback page
Description
### Summary While setting up an oauth client, it was noticed that the callback page hosted by the client during the flow embeds user-controlled content without escaping or sanitizing it. This leads to a reflected Cross-Site-Scripting vulnerability. ### Details The affected code is located in *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/client/oauth_callback.py*, which embeds all values passed to the `create_callback_html` function via the `message` parameter it into the callback page without escaping them. This can, for example, be abused by calling the callback server with an XSS payload inside the `error` GET parameter, the value of which will then be inserted into the callback page, causing the execution of attacker-controlled JavaScript code in the callback server's origin. Note that besides the `error` parameter, other parameters reaching this function are affected too. ### PoC 1. Setup a simple fastmcp client such as this one (the callback server's port was fixated for simplicity): ``` url="http://127.0.0.1:8000/mcp" oauth = OAuth(mcp_url=url,callback_port=1337) async def main(): async with Client(url, auth=oauth) as client: await client.ping() # List available operations tools = await client.list_tools() print(f"tools: {tools}") asyncio.run(main()) ``` 2. Ensure that the MCP server located at `http://127.0.0.1:8000/mcp` supports oauth. 3. Start the client. 4. As soon as the callback server has been started, access `http://localhost:1337/callback?error=<img/src/onerror=alert(window.origin)>` Note that the exploitation could also for example be initiated by a malicious authorization server by returning the exploitation URL mentioned before in the `authorization_endpoint` field. The client would then automatically open, causing the XSS to trigger immediatly. ### Impact The impact of this XSS vulnerability is the arbitrary JavaScript execution in the victim's browser in the callback server's origin.
How to fix CVE-2025-62800
To remediate CVE-2025-62800, upgrade the affected package to a fixed version below.
- —upgrade to 2.13.0 or later
Is CVE-2025-62800 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.