CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-61489

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.039

EPSS Ranking 88.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/sonirico/mcp-shell
https://github.com/sonirico/mcp-shell/issues/4

Products affected by CVE-2025-61489

Sonirico » Mcp-Shell » Version: 0.3.1

cpe:2.3:a:sonirico:mcp-shell:0.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-61489

Products

Pricing

Contact Us