Critical severityOSV Advisory· Published Jan 7, 2026· Updated Jan 7, 2026

CVE-2025-61492

Description

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
terminal-controllerPyPI	<= 0.1.7	—

Affected products

GongRzhe/Terminal Controller McpOSV
Range: v0.1.5, v0.1.6, v0.1.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-h4rf-624j-gj33ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-61492ghsaADVISORY
github.com/GongRzhe/terminal-controller-mcp/issues/7ghsaWEB
github.com/cfdude/super-shell-mcp/issues/19ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000