cbcvebase.
CVE-2025-53355
published 2025-07-08

CVE-2025-53355: MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the…

PriorityP352high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
EPSS
2.19%
80.2th percentile
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.

Affected

5 ranges
VendorProductVersion rangeFixed in
feiskymcp-kubernetes-server<= 0.1.11
feiskyermcp-kubernetes-server<= 0.1.11
feiskyermcp-kubernetes-server0 – 0.1.11
flux159mcp-server-kubernetes>= 0 < 2.5.02.5.0
serverlessserverless>= 4.29.0 < 4.29.34.29.3

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ghsa7.5HIGH
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.