CVE-2025-10619 | sequa-ai sequa-mcp up to 1.0.13 OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection
A vulnerability classified as critical has been found in sequa-ai sequa-mcp up to 1.0.13. It affects the function redirectToAuthorization in the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Manipulation leads to OS command injection.
This vulnerability is known as CVE-2025-10619. The attack can be carried out remotely. Furthermore, an exploit is available.
It is recommended to upgrade the affected component.
The vendor explains: “We only promote that mcp server with our own URLs that have a valid response, but yes if someone would use it with a non sequa url, this is a valid attack vector. We have released a new version (1.0.14) that fixes this and validates that only URLs can be opened.”
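
The kind of check the vendor describes ("only URLs can be opened") can be sketched as follows. This is an added example, not code from sequa-mcp or its 1.0.14 fix; the function names, the scheme policy and the choice of platform opener commands are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from sequa-mcp.
// Assumed policy: https anywhere, plain http only for loopback hosts.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Parse an authorization endpoint obtained from OAuth server discovery.
// Returns a URL object or throws; callers never reuse the raw string.
function parseAuthorizationUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) {
    throw new TypeError("authorization URL must be a string of at most 2048 characters");
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new TypeError("authorization URL is not a valid absolute URL");
  }
  const httpsOk = url.protocol === "https:";
  const httpLoopbackOk = url.protocol === "http:" && LOOPBACK.has(url.hostname);
  if (!httpsOk && !httpLoopbackOk) {
    throw new TypeError("only https, or http on loopback, may be opened");
  }
  if (url.username || url.password) {
    throw new TypeError("embedded credentials are not allowed");
  }
  return url;
}

// Build the opener's argument vector. The serialized URL is one argv
// element, so characters such as & or ; are never parsed by a shell, and
// it always begins with http(s)://, so it cannot be read as an option.
function openerArgv(url, platform = process.platform) {
  const href = url.href;
  switch (platform) {
    case "darwin": return ["open", [href]];
    case "win32": return ["rundll32", ["url.dll,FileProtocolHandler", href]];
    default: return ["xdg-open", [href]];
  }
}

// Validate first, then start the opener directly with the shell disabled.
async function openAuthorizationUrl(raw) {
  const [cmd, args] = openerArgv(parseAuthorizationUrl(raw));
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) =>
    execFile(cmd, args, { shell: false }, (err) => (err ? reject(err) : resolve())));
}
```

Validation and shell-free process creation are independent controls: the first rejects values that are not web URLs, the second ensures that whatever passes is handed to the opener as data rather than as command text.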