CVE-2025-59377
Published 2025-09-15
Priority: P264 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.23% (65.3rd percentile)
feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feisky | mcp-kubernetes-server | <= 0.1.11 | — |
| feiskyer | mcp-kubernetes-server | 0 – 0.1.11 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| GHSA | — | 7.5 | HIGH | — |
| OSV | — | 7.5 | HIGH | — |
OSV: mcp-kubernetes-server has an OS Command Injection vulnerability
Source: OSV · 2025-09-15 · CVSS 7.5 · HIGH
`feiskyer/mcp-kubernetes-server` through **0.1.11** allows **OS command injection** via the `/mcp/kubectl` endpoint. The handler constructs a shell command with user-supplied arguments and executes it with `subprocess` using `shell=True`, enabling injection through shell metacharacters (e.g., `;`, `&&`, `$()`), even when the server is running in **read-only** mode.
A remote, unauthenticated attacker can execute arbitrary OS commands on the host, resulting in full compromise of confidentiality, integrity, and availability.
This issue is **distinct from** `mcp-server-kubernetes` and from **CVE-2025-53355**.
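As an added defender-side example (not the project's own code, and not a fix the project shipped), this is the hardened shape of such a handler: a hypothetical `build_kubectl_argv` tokenises the request with `shlex`, enforces a hypothetical read-only verb allowlist, rejects any token that is not a plain argument, and hands an argv list to `subprocess.run` with the default `shell=False`, so `;`, `&&` and `$()` are never interpreted by a shell.

```python
import re
import shlex
import subprocess

# Hypothetical read-only verb allowlist for this example; the project's own
# read-only policy is not described in the advisory.
READ_ONLY_VERBS = frozenset(
    {"get", "describe", "logs", "explain", "top", "version", "api-resources"}
)

# Accept only plain flags, names, paths and key=value pairs. Shell syntax such
# as ';', '&&', '|', '$(', backticks or quote characters never matches.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_.:/=,@+-]+$")


class KubectlArgError(ValueError):
    """Raised when a user-supplied kubectl command is rejected before execution."""


def build_kubectl_argv(command: str, read_only: bool = True) -> list[str]:
    """Convert a user-supplied kubectl command string into an argv list.

    Tokenising with shlex.split() and passing a list (not a string) to
    subprocess means no shell ever parses the input, which removes the
    injection path. The verb allowlist enforces read-only mode separately.
    """
    try:
        tokens = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes
        raise KubectlArgError(f"unparseable command: {exc}") from exc
    if tokens and tokens[0] == "kubectl":
        tokens = tokens[1:]
    if not tokens:
        raise KubectlArgError("no kubectl verb supplied")
    if read_only and tokens[0] not in READ_ONLY_VERBS:
        raise KubectlArgError(f"verb {tokens[0]!r} is not allowed in read-only mode")
    for tok in tokens:
        if not SAFE_TOKEN.match(tok):
            raise KubectlArgError(f"rejected argument {tok!r}")
    return ["kubectl", *tokens]


def run_kubectl(command: str, read_only: bool = True, timeout: float = 30.0) -> subprocess.CompletedProcess:
    """Run kubectl with shell=False (the default): argv reaches execve() untouched."""
    argv = build_kubectl_argv(command, read_only)
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=False)
```

With the argv form, a request such as `get pods; id` is rejected at the token check, and even without that check the `pods;` token would reach `kubectl` as a literal resource name rather than as shell syntax.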
GHSA: mcp-kubernetes-server has an OS Command Injection vulnerability
Source: GHSA · 2025-09-15 · CVSS 7.5 · HIGH · CWE-78
Advisory text identical to the OSV entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-15