rootio-fastmcp: Unauthenticated Code Execution via Network Request

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-fastmcp: Unauthenticated Code Execution via Network Request

ROOT-APP-PYPI-CVE-2025-62801

Summary

The rootio-fastmcp package contains a security flaw that could allow an attacker to run unauthorized code on your server. This could happen if an attacker sends a special network request to your server. Root has released patches to fix this issue, and you should update the package to the latest version to stay secure.

What to do

Update rootio-fastmcp to version 2.11.3+root.io.4.
Update rootio-fastmcp to version 2.12.4+root.io.4.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:PyPI	–	rootio-fastmcp	< 2.11.3+root.io.4 < 2.12.4+root.io.4 Fix: upgrade to 2.11.3+root.io.4

Original title

CVE-2025-62801 in rootio-fastmcp - Patched by Root

Original description

Root has patched CVE-2025-62801 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available.

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 10 Apr 2026