
CVE-2025-10619: OS Command Injection in sequa-ai sequa-mcp

Medium
Tags: Vulnerability, CVE-2025-10619
Published: Wed Sep 17 2025 (09/17/2025, 21:02:11 UTC)
Source: CVE Database V5
Vendor/Project: sequa-ai
Product: sequa-mcp

Description

A vulnerability was detected in sequa-ai sequa-mcp up to and including version 1.0.13. It affects the function redirectToAuthorization in the file src/helpers/node-oauth-client-provider.ts, part of the OAuth Server Discovery component. Manipulation of the input handled by that function results in OS command injection. Remote exploitation is possible. An exploit is public and may be used. Upgrading to version 1.0.14 mitigates this issue; the patch commit is e569815854166db5f71c2e722408f8957fb9e804. It is recommended to upgrade the affected component. The vendor explains: "We only promote that MCP server with our own URLs that have a valid response, but yes, if someone would use it with a non-Sequa URL, this is a valid attack vector. We have released a new version (1.0.14) that fixes this and validates that only URLs can be opened."

AI-Powered Analysis

Last updated: 09/25/2025, 00:48:14 UTC

Technical Analysis

CVE-2025-10619 is a medium-severity OS command injection vulnerability in sequa-ai sequa-mcp, affecting versions up to and including 1.0.13. The flaw is in the redirectToAuthorization function of src/helpers/node-oauth-client-provider.ts, part of the OAuth Server Discovery component. Judging by the file name, this code acts as an OAuth client: it discovers an authorization server and redirects the user to it. The value reaching the function, namely the URL that is to be opened, is used in an OS command without sufficient validation, so a crafted value leads to command injection on the host running sequa-mcp. The vendor states that the component is intended to be used only with Sequa's own URLs, but acknowledges that a non-Sequa URL is a valid attack vector. The VulDB record reports that an exploit is public, while no exploitation in the wild has been reported. Version 1.0.14 fixes the issue by, in the vendor's words, validating that only URLs can be opened. The record does not state whether the patched code also stops passing the value through a shell; in general, the robust fix for this class of bug is to invoke the browser-opening helper with an argument array and no shell, with scheme and host validation as a second layer. The CVSS 4.0 base score is 5.3 (medium): network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity and availability. Despite the medium score, the issue deserves prompt attention wherever sequa-mcp is deployed, because arbitrary command execution on the host can lead to compromise of that machine and lateral movement from it.

Potential Impact

For European organizations using sequa-ai sequa-mcp, the main consequence of successful exploitation is arbitrary OS command execution with the privileges of the sequa-mcp process on the machine running it. Since the affected component is an OAuth client provider (judging by its file name), that machine is the client side, typically a developer workstation or agent host, rather than the authorization server itself. From there an attacker can reach whatever that process can reach, including the OAuth tokens it handles, local credentials and source code, and can persist and pivot into the corporate network. Because the record rates the issue as remotely exploitable without authentication, it can serve as an entry point. The impact is heightened in sectors such as finance, healthcare and government, where the hosts running such tooling typically hold access to sensitive applications and data. The medium CVSS score reflects the limited impact scope assessed by the assigner; it does not reduce the need for timely remediation, particularly under regulatory obligations prevalent in Europe (e.g., GDPR).

Mitigation Recommendations

European organizations should upgrade sequa-ai sequa-mcp to version 1.0.14 or later; per the vendor, that release validates that only URLs can be opened. Until the upgrade is applied: configure sequa-mcp only with Sequa-provided URLs, as the vendor intends, and treat any other MCP or OAuth server URL as untrusted; restrict egress from the host running sequa-mcp so that OAuth discovery can reach only approved authorization servers (the component is a client, so ingress firewalling does little here); and log the authorization URLs the component opens so that values containing shell metacharacters (quotes, semicolons, backticks, $( )) or unexpected hosts can be detected. Review code around redirectToAuthorization and similar browser-opening paths for the pattern of interpolating a URL into a shell command string (child_process.exec, or spawn with shell: true); the robust fix is an argument array with no shell, plus scheme and host validation. Web application firewalls or RASP offer limited protection here, since the untrusted value is a URL the client is pointed at or discovers rather than an inbound HTTP request, so the upgrade should be prioritised. Finally, ensure that incident response teams can investigate suspected exploitation and that backups and recovery procedures for affected hosts are in place.
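The bug class described in the analysis and the code-review advice above, as an added example: this is not sequa-mcp's code and does not reproduce its actual patch. It shows the shell-interpolation pattern that turns an untrusted authorization URL into OS command injection, beside a hardened variant that validates scheme and host and returns an argv array. The macOS `open` helper, the allowed host auth.example.com and the hostile endpoint auth.example.net are assumptions chosen for the illustration; the payload is constructed.

```typescript
// Added example, not sequa-mcp's code and not its actual patch: the
// shell-interpolation pattern that turns an untrusted OAuth authorization
// URL into OS command injection, beside a hardened variant.
// Assumptions (hypothetical): the browser is opened with macOS `open`, and
// the only allowed authorization host is auth.example.com.

// UNSAFE pattern: the URL is spliced into a shell command string. If this
// string reaches child_process.exec (or spawn with shell: true), a double
// quote inside the URL closes the argument and the shell runs whatever
// follows as additional commands.
function buildOpenCommandUnsafe(authorizationUrl: string): string {
  return `open "${authorizationUrl}"`;
}

// Hardened form: the command is represented as an argv array, so the URL is
// always exactly one argument and no shell ever parses it. Run it with
// child_process.execFile / spawn (no shell), never with exec.
interface OpenCommand {
  command: string;
  args: string[];
}

function buildOpenCommandSafe(
  authorizationUrl: string,
  allowedHosts: readonly string[],
): OpenCommand {
  let parsed: URL;
  try {
    parsed = new URL(authorizationUrl);
  } catch {
    throw new Error("authorization URL does not parse as a URL");
  }
  // Only https authorization endpoints are acceptable; this also rejects
  // schemes such as javascript: or file: that a browser opener may honour.
  if (parsed.protocol !== "https:") {
    throw new Error(`unsupported scheme: ${parsed.protocol}`);
  }
  if (allowedHosts.indexOf(parsed.hostname) === -1) {
    throw new Error(`authorization host not allowed: ${parsed.hostname}`);
  }
  // href is the WHATWG-normalised form; it is passed as a single argument.
  return { command: "open", args: [parsed.href] };
}

// Constructed payload: what a hostile server could hand back as the
// authorization endpoint. The embedded quote ends the shell argument.
const MALICIOUS_AUTHORIZATION_URL =
  'https://auth.example.net/authorize"; echo injected; "';

// Hypothetical allowlist for this example.
const ALLOWED_HOSTS: readonly string[] = ["auth.example.com"];

function demo(): void {
  console.log("unsafe shell string:", buildOpenCommandUnsafe(MALICIOUS_AUTHORIZATION_URL));
  console.log(
    "safe argv:",
    buildOpenCommandSafe("https://auth.example.com/authorize?client_id=abc", ALLOWED_HOSTS),
  );
  try {
    buildOpenCommandSafe(MALICIOUS_AUTHORIZATION_URL, ALLOWED_HOSTS);
  } catch (err) {
    console.log("rejected:", (err as Error).message);
  }
}

demo();
```

The unsafe builder yields `open "https://auth.example.net/authorize"; echo injected; ""`, which a shell reads as two commands; the safe builder never produces a string for a shell at all, and rejects the hostile host before anything is opened.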


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-17T11:36:32.032Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cb22688afa0a79ca27307d

Added to database: 9/17/2025, 9:04:40 PM

Last enriched: 9/25/2025, 12:48:14 AM

Last updated: 12/14/2025, 5:17:27 PM

Views: 69

