CVE-2025-9654
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aiondadotcom | mcp-ssh | 1.0.4 |
| aiondadotcom | mcp-ssh | 1.1.0 |
| aiondadotcom | mcp-ssh | 1.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9654 is a command injection vulnerability in the AiondaDotCom mcp-ssh software versions up to 1.0.3. The issue occurs in the file server-simple.mjs where user-supplied input is improperly sanitized before being passed to Node.js's child_process.exec function to execute SSH and SCP commands. Although attempts were made to sanitize double quotes, attackers can bypass this using command substitution syntax like $(...), allowing them to execute arbitrary system commands remotely on the server hosting the MCP server. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary commands on the affected system without needing local access. This can compromise the confidentiality, integrity, and availability of the system by enabling unauthorized command execution, potentially leading to data breaches, system manipulation, or denial of service. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves command injection via improperly sanitized inputs passed to SSH and SCP commands in the mcp-ssh server. Detection can focus on monitoring for unusual or unexpected SSH or SCP command executions that include suspicious shell metacharacters or command substitution syntax such as $(...). Network or system monitoring tools could be configured to log and alert on such patterns. Additionally, inspecting logs for unexpected remote command executions or file transfers initiated by the mcp-ssh server may help detect exploitation attempts. Specific commands to detect exploitation are not provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade the affected mcp-ssh software to version 1.0.4 or 1.1.0, which include a patch that replaces unsafe exec() calls with execFile() calls, preventing command injection. This patch also improves input validation and upgrades dependencies to fix related vulnerabilities. Applying this update effectively eliminates the command injection risk. No other mitigation steps are explicitly mentioned. [2, 3, 4]