Command Injection Vulnerability in MCP Server for Kubernetes by False257
CVE-2025-53355
7.5 HIGH
What is CVE-2025-53355?
A critical command injection vulnerability exists in MCP Server Kubernetes, an MCP server that connects to Kubernetes clusters for management purposes. Input parameters are passed without proper sanitization into a child_process.execSync call, so an attacker can inject arbitrary system commands; successful exploitation gives remote code execution with the privileges of the server process. The issue is fixed in version 2.5.0, and affected deployments should update to mitigate the risk.
Affected Version(s)
mcp-server-kubernetes < 2.5.0