CVE-2025-11285
BaseFortify
Publication date: 2025-10-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mcphubx | mcphub | to 0.9.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11285 is a remote code execution vulnerability in samanhappy MCPHub up to version 0.9.10. It occurs because the application does not properly sanitize or validate the 'command' and 'args' fields when creating a new MCP server of type 'stdio'. This allows an attacker to inject and execute arbitrary operating system commands on the host server remotely by manipulating these fields in the server configuration, leading to full control over the affected system. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized remote code execution on the host server, which compromises the confidentiality, integrity, and availability of the system. An attacker can execute arbitrary commands, potentially leading to data theft, system manipulation, service disruption, or complete takeover of the affected server. Since the exploit is publicly available and no mitigations or patches exist, the risk of exploitation is high. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to create a new MCP server of type "stdio" using the createServer API endpoint with crafted payloads that include malicious "command" and "args" fields to test for command injection. For example, sending a POST request to /api/servers with JSON payload {"command": "/bin/sh", "args": ["-c", "whoami > /tmp/666.txt"]} can verify if arbitrary commands are executed on the server. Monitoring for unexpected files like /tmp/666.txt or unusual process executions can also indicate exploitation attempts. Network detection can include monitoring POST requests to /api/servers with suspicious payloads. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the createServer API endpoint to prevent attackers from creating new MCP servers with malicious configurations. Since no patches or vendor mitigations are available, consider blocking or filtering requests that include the "command" and "args" fields or deploying network-level controls to restrict access to the vulnerable service. Additionally, consider using alternative products or isolating the affected MCPHub instance to limit exposure until a fix or patch is available. [3]