Unrated severityOSV Advisory· Published Jan 7, 2026· Updated Jan 7, 2026

CVE-2025-61489

Description

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.

Affected products

Sonirico/Mcp ShellOSV
Range: v0.1.0, v0.2.0, v0.2.2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/sonirico/mcp-shell/issues/4mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000