CVE-2025-53818
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| github | kanban_mcp_server | 0.3.0, 0.4.0 |
| nodejs | node.js | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection flaw (CWE-78) in GitHub Kanban MCP Server versions 0.3.0 and 0.4.0. The server exposes an MCP tool named 'add_comment' that shells out to the GitHub CLI ('gh') through the Node.js child_process 'exec' API. 'exec' passes its argument to the system shell as a single command string, and the tool builds that string by concatenating untrusted input from the tool call into it without neutralizing shell metacharacters. Quotes, semicolons and similar characters in the input are therefore interpreted by the shell, and anyone who can influence the tool's arguments can run arbitrary commands on the host where the MCP server runs.
How can this vulnerability impact me?
An attacker who can reach the 'add_comment' tool can execute arbitrary commands with the privileges of the MCP server process, without credentials on that host and without any user interaction. Because an MCP server's tool arguments are normally produced by an LLM client, the attacker does not need direct access to the server: content the model reads (an issue body, a web page, a document) that steers it into calling 'add_comment' with a crafted argument is enough. The consequences range from full compromise of the host and exposure of whatever the 'gh' CLI on it is authenticated as, to data theft, disruption of service, and a foothold for further attacks within the environment.
What immediate steps should I take to mitigate this vulnerability?
No fixed release was available as of this page's last update, so mitigation means keeping untrusted input away from the vulnerable versions (0.3.0 and 0.4.0). Concretely: disable or remove the 'add_comment' tool in affected deployments; restrict which users and which agent clients can connect to the MCP server; run the server under a low-privilege account whose 'gh' login has only the GitHub permissions it needs; and monitor for unexpected child processes spawned by the server (anything other than 'gh', or 'gh' invoked with unusual arguments). If you maintain a fork, replace 'exec' with 'execFile' or 'spawn', passing the 'gh' arguments as an array so that no shell is involved, and validate tool arguments against the shape you expect (for example, an integer issue number); input validation alone is a weaker substitute for removing the shell from the call path.