EXECUTIVE SUMMARY:
The vulnerability CVE-2025-69196 affects the FastMCP framework and carries a CVSS score of 7.4 (High severity). It impacts all versions prior to 2.14.2, where improper handling of the OAuth resource parameter leads to incorrect token issuance. Specifically, the FastMCP OAuth Proxy issues tokens bound to a base URL rather than to the intended resource, so the receiving server cannot properly validate the scope of the token it is presented with.

This flaw enables attackers to abuse the authorization flow by setting up a malicious MCP server that uses the same authorization server. During exploitation, a victim can unknowingly authenticate through the malicious server, allowing the attacker to capture valid authentication tokens. These stolen tokens can then be replayed to access legitimate MCP servers and the resources they expose. The root cause is incorrect authorization enforcement combined with the absence of resource-specific token binding. As a result, the confidentiality and integrity of the authentication mechanism are at risk, potentially enabling unauthorized access across multiple MCP services.
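As an added illustration of the missing control the advisory describes (resource-specific token binding), and not code from FastMCP itself: a resource server canonicalizes its own resource URI and accepts a token only when the token's audience names exactly that resource. The claims, hostnames and canonicalization rules below are constructed assumptions for the example; signature verification is assumed to have happened upstream.

```python
from urllib.parse import urlsplit, urlunsplit


def canonical_resource(uri: str) -> str:
    """Canonicalize a resource indicator (RFC 8707 style): lowercase scheme and host,
    drop default ports, query and fragment; keep the path, since MCP endpoints on the
    same host are distinguished by it. Trailing-slash folding is an assumption here."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"resource must be an absolute http(s) URI: {uri!r}")
    host = parts.hostname.lower()
    default_port = {"http": 80, "https": 443}[parts.scheme]
    netloc = host if parts.port in (None, default_port) else f"{host}:{parts.port}"
    path = parts.path.rstrip("/") or "/"
    return urlunsplit((parts.scheme, netloc, path, "", ""))


def token_bound_to_resource(claims: dict, expected_resource: str) -> bool:
    """Accept the token only if its audience names this resource server.
    `claims` is the already signature-verified payload; `aud` may be a string or list."""
    aud = claims.get("aud")
    if aud is None:
        return False
    audiences = [aud] if isinstance(aud, str) else list(aud)
    expected = canonical_resource(expected_resource)
    try:
        return any(canonical_resource(a) == expected for a in audiences)
    except ValueError:
        return False


# Constructed sample: this resource server is the MCP endpoint below.
LEGIT_SERVER = "https://mcp.example.com/mcp"


def demo() -> dict:
    # Token correctly bound to the MCP resource: accepted.
    good = {"sub": "alice", "aud": "https://mcp.example.com/mcp"}
    # Token bound to the proxy's base URL instead of the resource (the flaw): rejected.
    base_url_bound = {"sub": "alice", "aud": "https://mcp.example.com"}
    # Token obtained via a different MCP server behind the same authorization server:
    # with resource binding it does not validate here, so replay fails.
    other_server = {"sub": "alice", "aud": "https://other-mcp.example.net/mcp"}
    return {
        "good": token_bound_to_resource(good, LEGIT_SERVER),
        "base_url": token_bound_to_resource(base_url_bound, LEGIT_SERVER),
        "other": token_bound_to_resource(other_server, LEGIT_SERVER),
    }
```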
RECOMMENDATION:
We strongly recommend updating FastMCP to version 2.14.2.
REFERENCES:
The following reports contain further technical details: