CVE-2025-11491 – wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

CVE ID : CVE-2025-11491

Published : Oct. 8, 2025, 7:15 p.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…