Command Injection Vulnerability in MCP Server for Kubernetes by False257
CVE-2025-53355

7.5HIGH

Key Information:

Vendor: Flux159
Status: Mcp-server-kubernetes
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-53355?

A critical command injection vulnerability exists in the MCP Server Kubernetes, which facilitates connections to Kubernetes clusters for management purposes. Due to improper sanitization of input parameters used in the child_process.execSync call, this vulnerability allows attackers to inject arbitrary system commands. Exploitation of this flaw can lead to remote code execution with the privileges of the server process. This issue has been addressed in version 2.5.0, emphasizing the importance of updating to mitigate potential security risks.

Affected Version(s)

mcp-server-kubernetes < 2.5.0

References

https://github.com/Flux159/mcp-server-kubernetes/security...

x_refsource_CONFIRM

https://github.com/cyanheads/git-mcp-server/commit/0dbd69...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 27, 2025