AI description
CVE-2025-11202 is a command injection vulnerability affecting win-cli-mcp-server. It exists within the `resolveCommandPath` method due to a lack of proper validation of user-supplied strings before using them in a system call. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. An attacker can leverage this vulnerability to execute code in the context of the service account.
- Description: win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveCommandPath method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27787.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Source: zdi-disclosures@trendmicro.com
- CWE: CWE-78
- Hype score: Not currently trending
MCP servers are now a recognized attack surface. Last 72 hours:
- CVE-2025-11202 (Found by me 😀 through @thezdi): win-cli-mcp-server command injection RCE (CVSS 9.8)
- CVE-2025-64132: Jenkins MCP Server permission bypass
The Model Context Protocol is 3 months old and alr
@gothburz
1 Nov 2025
[CVE-2025-11202: CRITICAL] Vulnerability alert: Command Injection Remote Code Execution flaw in win-cli-mcp-server. Exploitable without authentication, allowing remote attackers to run arbitrary code. More i...#cve,CVE-2025-11202,#cybersecurity https://t.co/rI6Ey7XZJR https://t.c
@CveFindCom
29 Oct 2025
CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on a… https://t.co/bkAVYT4Ucj
@CVEnew
29 Oct 2025
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability (CVE-2025-11202) #CVE202511202 #CyberSecurity #RemoteCodeExecutionVulnerability https://t.co/mjAedUfydo https://t.co/J9MdrJ4YV9
@SystemTek_UK
4 Oct 2025