CVE-2025-66404

{"id": "CVE-2025-66404", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-66404", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2025-12-03T20:52:00.654811Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "Flux159", "product": "mcp-server-kubernetes", "versions": [{"status": "affected", "version": "< 2.9.8"}]}]}], "published": "2025-12-03T21:15:53.233", "references": [{"url": "https://github.com/Flux159/mcp-server-kubernetes/commit/d091107ff92d9ffad1b3c295092f142d6578c48b", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-wvxp-jp4w-w8wg", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-wvxp-jp4w-w8wg", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8."}, {"lang": "es", "value": "MCP Server Kubernetes es un servidor MCP que puede conectarse a un cl\u00faster de Kubernetes y gestionarlo. Versiones anteriores a la 2.9.8, existe un problema de seguridad en la herramienta exec_in_pod del servidor MCP mcp-server-kubernetes. La herramienta acepta comandos proporcionados por el usuario tanto en formato de array como de cadena. Cuando se proporciona un formato de cadena, se pasa directamente a la interpretaci\u00f3n del shell (sh -c) sin validaci\u00f3n de entrada, permitiendo que los metacaracteres del shell sean interpretados. Esta vulnerabilidad puede ser explotada a trav\u00e9s de inyecci\u00f3n de comandos directa o ataques de inyecci\u00f3n de prompt indirecta, donde los agentes de IA pueden ejecutar comandos sin la intenci\u00f3n expl\u00edcita del usuario. Esta vulnerabilidad se corrige en la 2.9.8."}], "lastModified": "2026-06-17T09:56:46.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:suyogs:mcp-server-kubernetes:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "A0C07B19-F12C-4FBE-804F-05CDF04B2A6A", "versionEndExcluding": "2.9.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}