Command Injection Vulnerability in Serverless Framework's MCP Server Package
CVE-2025-69256

7.5HIGH

Key Information:

Vendor: Serverless
Status: Serverless
Vendor: CVE Published:; 30 December 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-69256?

The Serverless Framework features a command injection vulnerability within the MCP server package, affecting versions before 4.29.3. It allows attackers to exploit unsanitized input parameters to inject arbitrary system commands through the 'child_process.exec' function. This flaw particularly impacts users utilizing the experimental MCP server feature, which is a small subset of the user base. Successful attacks can lead to remote code execution within the server process's context, presenting significant security risks. This issue has been resolved in version 4.29.3.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

serverless >= 4.29.0, < 4.29.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CTT-Serverless-RCE-v1.0---Convergent-Time-Theory-Enhanced-MCP-Exploit
Created by SimoesCTT