CVE-2025-53355 – “Kubernetes MCP Server Command Injection Vulnerability”

CVE ID : CVE-2025-53355

Published : July 8, 2025, 8:15 p.m. | 1 hour, 5 minutes ago

Description : MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process’s privileges. This vulnerability is fixed in 2.5.0.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…