High severity (CVSS 7.5) · OSV Advisory · Published Jul 8, 2025 · Updated Apr 15, 2026
CVE-2025-53355
Description
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mcp-server-kubernetes (npm) | < 2.5.0 | 2.5.0 |
Affected products (2)
- Range: 0.2.4, 0.2.5, 0.3.0, …
References (7)
- github.com/advisories/GHSA-gjv4-ghm7-q58q (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-53355 (GHSA, advisory)
- equixly.com/blog/2025/03/29/mcp-server-new-security-nightmare (GHSA, web)
- github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514 (NVD, web)
- github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q (NVD, web)
- github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9 (NVD, web)
- invariantlabs.ai/blog/mcp-github-vulnerability (GHSA, web)