CVE-2025-66401 | P2 | CRITICAL | CVSS 9.8 | ≤ 0.1.2 | 2025-12-01
CVE-2025-66401 [CRITICAL] CWE-78
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attac
Sources: GHSA, NVD, OSV
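A hardened form of the clone step the description refers to, as an added example (not MCP Watch's code or its actual fix): the URL is allow-listed and rebuilt, then passed to git as an argument array through execFileSync instead of a shell string. The function names, the github.com-only policy and the destination argument are assumptions.

```javascript
// Added example; parseGithubUrl, cloneArgs and cloneRepoSafe are hypothetical names.
// Pattern the advisory describes (constructed illustration, not the project's source):
//   execSync(`git clone ${githubUrl} ${dir}`)   // the whole string is parsed by a shell

const OWNER = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}$/;
const REPO = /^[A-Za-z0-9._-]{1,100}$/;

// Parse, allow-list and rebuild the URL; nothing from the raw string is reused.
function parseGithubUrl(input) {
  let url;
  try {
    url = new URL(String(input));
  } catch {
    throw new Error("githubUrl is not a valid URL");
  }
  if (url.protocol !== "https:" || url.hostname !== "github.com") {
    throw new Error("only https://github.com/<owner>/<repo> is accepted");
  }
  if (url.username || url.password || url.port || url.search || url.hash) {
    throw new Error("credentials, port, query and fragment are not accepted");
  }
  const parts = url.pathname.split("/").filter(Boolean);
  if (parts.length !== 2) throw new Error("expected exactly /<owner>/<repo>");
  const owner = parts[0];
  const repo = parts[1].replace(/\.git$/, "");
  if (!OWNER.test(owner) || !REPO.test(repo) || /^\.+$/.test(repo)) {
    throw new Error("owner or repository name contains disallowed characters");
  }
  return `https://github.com/${owner}/${repo}.git`;
}

// argv for git: each element is exactly one argument, and "--" ends option parsing.
function cloneArgs(githubUrl, destDir) {
  return ["clone", "--depth", "1", "--", parseGithubUrl(githubUrl), destDir];
}

// execFileSync starts git directly with the argv array; no shell parses the input.
// The dynamic import keeps this snippet loadable as CommonJS or as an ES module.
async function cloneRepoSafe(githubUrl, destDir) {
  const { execFileSync } = await import("node:child_process");
  execFileSync("git", cloneArgs(githubUrl, destDir), { stdio: "inherit", timeout: 60000 });
}
```
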