CVE-2025-59376

CVSS v3: 3.7 (LOW)
CVSS v2: N/A
Affected: 2 projects

Description

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word (i.e., "version") is not a write or delete operation.
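
The first-word pattern described above, next to a stricter check, as an added example that is not the project's own code. The function names and verb lists are assumptions made for illustration; the stricter version tokenises the whole string, rejects shell control operators, and returns an argv list meant to be executed without a shell.

```python
import shlex

# Assumed verb lists for illustration; the project's real lists are not on the page.
WRITE_VERBS = {"apply", "create", "patch", "edit", "replace", "scale", "label", "annotate", "set"}
DELETE_VERBS = {"delete"}
CONTROL_CHARS = set("();<>|&")  # characters shlex emits as operator tokens


def _blocked(disable_write, disable_delete):
    return (WRITE_VERBS if disable_write else set()) | (DELETE_VERBS if disable_delete else set())


def first_word_check(command, disable_write=True, disable_delete=True):
    """Flawed pattern: only the first verb in the string is inspected."""
    words = command.split()
    if words and words[0] == "kubectl":
        words = words[1:]
    return bool(words) and words[0] not in _blocked(disable_write, disable_delete)


def strict_argv(command, disable_write=True, disable_delete=True):
    """Return an argv list for shell-free execution, or raise PermissionError."""
    try:
        lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        lexer.commenters = ""  # do not silently drop text after '#'
        argv = list(lexer)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PermissionError(f"unparseable command: {exc}") from exc
    # Unquoted ; && || | > < ( ) come back as tokens made only of CONTROL_CHARS.
    if any(tok and set(tok) <= CONTROL_CHARS for tok in argv):
        raise PermissionError("shell control operator in command")
    # Require the verb directly after 'kubectl' so a leading flag cannot hide it.
    if len(argv) < 2 or argv[0] != "kubectl" or argv[1].startswith("-"):
        raise PermissionError("expected 'kubectl <verb> ...'")
    if argv[1] in _blocked(disable_write, disable_delete):
        raise PermissionError(f"verb '{argv[1]}' is disabled")
    return argv  # execute with subprocess.run(argv, shell=False), never as a shell string


if __name__ == "__main__":
    chained = "kubectl version; kubectl delete pod"  # command string from the description
    print("first-word check allows it:", first_word_check(chained))
    try:
        strict_argv(chained)
    except PermissionError as err:
        print("strict check rejects it:", err)
```

The strict check fails closed: a command with flags placed before the verb is rejected rather than guessed at.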

mcp-kubernetes-server is a Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools (like Claude, Cursor, and GitHub Copilot) and Kubernetes, translating natural language requests into Kubernetes operations and returning the results in a format the AI tools can understand.
CVE-2025-59376, CVE-2025-59377