CVE-2025-5277

Published May 28, 2025

Last updated 2 months ago

CVSS critical 9.4

Overview

Description
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.
Source
report@snyk.io
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Secondary
Base score
9.6
Impact score
6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

report@snyk.io
CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-78

Social media

Hype score
Not currently trending

  1. CVE-2025-5277 (CVSS:9.4, CRITICAL) is Awaiting Analysis. aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the M..https://t.co/03DJTJYdn4 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    2 Jun 2025

    9 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2025-5277: Command Injection Vulnerability in AWS MCP Server https://t.co/OfVmnxZTMH A Command Injection vulnerability has been identified in the CLI execution function of an AWS MCP server. This flaw reportedly allows clients to execute arbitrary commands on the AWS host

    @hackyboiz

    31 May 2025

    3350 Impressions

    22 Retweets

    50 Likes

    37 Bookmarks

    9 Replies

    0 Quotes

  3. ๐Ÿšจ CVE-2025-5277 โš ๏ธ๐Ÿ”ด CRITICAL (9.4) ๐Ÿข alexei-led - aws-mcp-server ๐Ÿ—๏ธ 0 ๐Ÿ”— https://t.co/Dij8WE80yi ๐Ÿ”— https://t.co/Tzt1KSwmYq #CyberCron #VulnAlert #InfoSec https://t.co/0Eb3YZA6Fk

    @cybercronai

    29 May 2025

    52 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-5277 aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the hosโ€ฆ https://t.co/R4S6oo4ly4

    @CVEnew

    28 May 2025

    437 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-5277: CRITICAL] aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.#cve,CVE-2025-5277,#cybersecurity https://t.co/EyumG6o9dA https://t.co/ybYq5j

    @CveFindCom

    28 May 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Critical: CVE-2025-5277 allows command injection in alexei-led aws-mcp-server. Attackers can run arbitrary commands. Patch now! Details: https://t.co/j3zJymFTTh #OffSeq #CVE20255277 #CyberSecurity https://t.co/V810GlO3dg

    @offseq

    28 May 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.