CVE-2025-64340 MEDIUM

CVE-2025-64340: FastMCP has a Command Injection vulnerability - Gemini CLI

Vendor Jlowin

Product fastmcp

Weakness CWE-78

Published April 3, 2026

Last update April 3, 2026

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run() with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are executed through cmd.exe, which interprets metacharacters in the flattened command string. This issue has been patched in version 3.2.0.

Key dates

02Disclosure timeline

April 3, 2026 CVE published

April 3, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-64340 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2025-64340: FastMCP has a Command Injection vulnerability - Gemini CLI

01Description

02Disclosure timeline

03References

04Related CVE