Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
rootio-fastmcp: Unauthenticated Remote Code Execution
ROOT-APP-PYPI-CVE-2025-64340
Summary
The rootio-fastmcp package has a security flaw that allows unauthorized access to your system. This could allow attackers to run malicious code on your server. Update to the latest version of rootio-fastmcp to fix this issue.
What to do
- Update rootio-fastmcp to version 2.12.4+root.io.3.
- Update rootio-fastmcp to version 2.12.4+root.io.4.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:PyPI | – | rootio-fastmcp |
< 2.12.4+root.io.3 < 2.12.4+root.io.4 Fix: upgrade to 2.12.4+root.io.3
|
Original title
CVE-2025-64340 in rootio-fastmcp - Patched by Root
Original description
Root has patched CVE-2025-64340 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available.
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 10 Apr 2026