CVE-2025-53100

Published Jul 1, 2025

Last updated 15 days ago

CVSS high 8.6

Overview

Description
RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated remote command injection attack on a running MCP Server. This issue has been patched in version 0.2.2.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-78

Social media

Hype score
Not currently trending

  1. 🚨 #CyberAlert: Attention developers! CVE-2025-53100 is a critical command injection vulnerability affecting RestDB's https://t.co/KWlSYaNNLA MCP Server before v0.2.2. 🖥️⚠️ Update to v0.2.2 ASAP to stay secure and prevent remote attacks. 🔒 #CyberSecurity #PatchNow #

    @SecAideInfo

    4 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.