CVE-2025-61489
Severity: MEDIUM (CVSS 6.5)
WAF coverage: High
Published: 2026-01-07
CWE-77
A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands by supplying a crafted command string.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sonirico | mcp-shell | 0.3.1 |
References
- github.com (Product)
- github.com (Exploit, Issue Tracking)