OS Command Injection Vulnerability in wonderwhy-er DesktopCommanderMCP Product
CVE-2025-11491

5.3MEDIUM

Key Information:

Vendor

Wonderwhy-er

Status
Desktopcommandermcp
Vendor
CVE Published:
8 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11491?

A vulnerability in the command management functionality of wonderwhy-er's DesktopCommanderMCP allows for OS command injection. When exploited, this weakness could enable an attacker to execute arbitrary commands on the host system remotely. This vulnerability affects all versions up to 0.2.13 and can pose a significant risk if the exposed component is actively manipulated by unauthorized users. The details of the exploit are available publicly, raising concerns about potential misuse in the wild. Immediate action is recommended for users of affected versions.

Affected Version(s)

DesktopCommanderMCP 0.2.0

DesktopCommanderMCP 0.2.1

DesktopCommanderMCP 0.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11491 - Proof of Concept

References

https://vuldb.com/?id.327610
vdb-entrytechnical-description
https://vuldb.com/?ctiid.327610
signaturepermissions-required
https://vuldb.com/?submit.668006
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

crem (VulDB User)
JSON
.
CVE-2025-11491 : OS Command Injection Vulnerability in wonderwhy-er DesktopCommanderMCP Product