- Description
- MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
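The flaw class named in the description, a string passed to `child_process.execSync`, is shown here next to a shell-free form. This is an added example, not code from mcp-server-kubernetes or its advisory. The function names, the `kubectl get pod` command shape, the validation pattern and the sample input are assumptions, and a child Node process stands in for `kubectl` so the block runs offline.

```javascript
const { execFileSync } = require('node:child_process');

// Assumed allow-list: RFC 1123 character set (lowercase alphanumerics, '-' and '.'),
// starting and ending with an alphanumeric, so a value can never begin with '-'.
const K8S_NAME = /^[a-z0-9]([-a-z0-9.]{0,251}[a-z0-9])?$/;

// Vulnerable shape (built here, never executed): a single string handed to a shell,
// so ; | $() and backticks inside `name` would be parsed as shell syntax by execSync.
function unsafeCommandString(name, namespace) {
  return `kubectl get pod ${name} -n ${namespace}`;
}

// Hardened shape: validate each parameter, then build an argument vector.
// execFileSync passes the vector straight to the program; no shell parses it.
function buildArgv(name, namespace) {
  for (const [label, value] of [['name', name], ['namespace', namespace]]) {
    if (typeof value !== 'string' || !K8S_NAME.test(value)) {
      throw new TypeError(`invalid ${label}: ${JSON.stringify(value)}`);
    }
  }
  return ['get', 'pod', name, '-n', namespace, '-o', 'json'];
}

// Stand-in for kubectl (assumption): a child Node process that echoes the argv it received.
function runWithoutShell(argv) {
  const out = execFileSync(
    process.execPath,
    ['-e', 'console.log(JSON.stringify(process.argv.slice(1)))', '--', ...argv],
    { encoding: 'utf8' }
  );
  return JSON.parse(out);
}

const hostile = 'web; echo INJECTED'; // constructed sample input

// The string form carries the metacharacters into what a shell would parse.
console.log(unsafeCommandString(hostile, 'default'));
// Without a shell, the same value arrives as one literal argument.
console.log(runWithoutShell(['get', 'pod', hostile]));
// With validation in front, it is rejected before any process is spawned.
try { buildArgv(hostile, 'default'); } catch (e) { console.log(e.message); }
console.log(runWithoutShell(buildArgv('web-7d4b9', 'default')));
```

The leading-alphanumeric rule in the pattern also keeps a parameter from being read by the target program as an option, which an argument vector alone does not prevent.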
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-77
- Hype score
- Not currently trending
CVE-2025-53355: When Your AI Kubernetes Assistant Goes Rogue https://t.co/0tCUiE6ZCv
@_cvereports
9 Jul 2025
CVE-2025-53355 MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes M… https://t.co/delUoNDaNu
@CVEnew
9 Jul 2025