CVE-2025-11285

MediumPublic PoC

Published: 05 October 2025

Published

05 October 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0029 52.7th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Security Summary

CVE-2025-11285 is an OS command injection vulnerability affecting samanhappy MCPHub up to version 0.9.10. The issue resides in an unknown functionality within the file src/controllers/serverController.ts, where manipulation of the command/args argument enables command injection. It is associated with CWE-77 and CWE-78, carrying a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability is exploitable remotely by attackers who possess low privileges (PR:L) on the target system. Successful exploitation allows arbitrary OS command execution, resulting in low impacts to confidentiality, integrity, and availability.

Advisories from VulDB and a related GitHub issue indicate that the vendor was contacted early regarding the disclosure but provided no response. No patches or official mitigations are available, and an exploit has been publicly disclosed, increasing the risk of active use.

Details

CWE(s): CWE-77CWE-78

Affected Products

mcphubx

mcphub

≤ 0.9.10

AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Not Applicable
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: The vulnerability is a standard OS command injection (CWE-78) in a TypeScript server controller of MCPHub, a general-purpose server management tool for spawning processes via stdio servers. No keywords, references, or context indicate involvement with AI, machine learning, deep learning, NLP, computer vision, models, agents, or any listed AI categories. MCPHub appears to be a non-AI software hub without AI-specific functionality.

MITRE ATT&CK Enterprise Techniques

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1202 Indirect Command Execution Stealth

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

attack.mitre.org →

Why these techniques?

The OS command injection vulnerability (CWE-78) in MCPHub's serverController.ts enables remote arbitrary command execution via unsanitized command/args, mapping to T1059 (Command and Scripting Interpreter), T1190 (Exploit Public-Facing Application) for remote exploitation of the web/API service, and T1202 (Indirect Command Execution) as noted in the advisory.

References

https://github.com/August829/YU1/issues/6
Exploit, Issue Tracking · cna@vuldb.com
https://vuldb.com/?ctiid.327043
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.327043
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.659734
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/August829/YU1/issues/6
Exploit, Issue Tracking · 134c704f-9b21-4f2e-91b3-4a467353bcc0