CVE-2025-5277 – Amazon Web Services (AWS) MCP-Server Command Injection Vulnerability

CVE ID : CVE-2025-5277

Published : May 28, 2025, 2:15 p.m. | 1 hour, 28 minutes ago

Description : aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…