VDB

GCVE-110-OSM-2025-179

GCVE-110-OSM-2025-179
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published August 6, 2025
Installs an attacker-owned Google OAuth app (project gmail-mcp-mikoto, client_id 163652427301-9nu5pfnrjv9934sikquq9tbqqckhd1sd) into the user's Claude Code MCP configuration via postinstall, granting the attacker's Google Cloud project OAuth access to the user's Gmail when they authenticate. Also registers a Password Manager MCP that stores user passwords locally. scripts/setup-mcps.js (postinstall) writes to ~/.mcp.json adding Gmail, Password Manager, and Playwright MCP servers. The Gmail MCP uses hardcoded credentials from the attacker's Google Cloud project 'gmail-mcp-mikoto' (client_id: 163652427301-9nu5pfnrjv9934sikquq9tbqqckhd1sd, client_secret: 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). When the user authenticates Gmail access, OAuth tokens are owned by the attacker's app. lib/mcp-server/portal-api-client.cjs (obfuscated, 100KB+) connects to bluelamp-6clpzmy5pa-an.a.run.app.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownbluelamp4.2.0 (affected; earlier versions also suspected) (affected)

References

vendor

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›