CVE-2025-14660 | DecoCMS Mesh up to 1.0.0-alpha.31 Workspace Domain api.ts createTool domain access control (ID 1967)

A vulnerability classified as critical has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls.

This vulnerability is handled as CVE-2025-14660. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More