Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53355

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.

Published

2025-07-08T20:15:30.020

Last Modified

2025-07-10T13:18:53.830

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-77

Affected Vendors & Products

References

https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514 ([email protected])
https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q ([email protected])
https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9 ([email protected])
https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q (134c704f-9b21-4f2e-91b3-4a467353bcc0)