Description

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands by supplying a crafted command string.

PUBLISHED Reserved 2025-09-26 | Published 2026-01-07 | Updated 2026-01-07 | Assigner mitre

References

github.com/sonirico/mcp-shell

github.com/sonirico/mcp-shell/issues/4

cve.org (CVE-2025-61489)

nvd.nist.gov (CVE-2025-61489)
