CVE-2025-66404
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-16
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suyogs | mcp-server-kubernetes | all versions before 2.9.8 (2.9.8 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the exec_in_pod tool of the MCP Server Kubernetes prior to version 2.9.8. The tool accepts user commands in string format and passes them directly to shell interpretation without validating the input. This allows shell metacharacters to be interpreted, enabling attackers to perform command injection either directly or indirectly, including through AI agents executing commands without explicit user intent.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized command execution on the Kubernetes cluster managed by the MCP Server. This can result in compromise of confidentiality, integrity, and availability of the system, potentially allowing attackers to execute arbitrary commands, disrupt services, or gain elevated privileges.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the MCP Server Kubernetes to version 2.9.8 or later, as this version contains the fix for the vulnerability in the exec_in_pod tool that prevents command injection via shell interpretation.