CVE-2025-59377

Published
View on NVD ↗
CVSS v3
3.7
LOW
CVSS v2
N/A
Affected
2
PROJECTS

Description

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355.

feiskyer/mcp-kubernetes-server
feiskyer/mcp-kubernetes-server
A Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools (like Claude, Cursor, and GitHub Copilot) and Kubernetes, translating natural language requests into Kubernetes operations and returning the results in a format the AI tools can understand.
GitHubGitHub
17
william31212/CVE-Requests-1896609
william31212/CVE-Requests-1896609
CVE-2025-59376, CVE-2025-59377
GitHubGitHub
1