Critical severity 9.8 · NVD Advisory · Published May 12, 2026 · Updated May 13, 2026
CVE-2025-65719
Description
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kubectl-mcp-server (npm) | < 1.2.0 | 1.2.0 |
| kubectl-mcp-server (PyPI) | < 1.2.0 | 1.2.0 |
Affected products
- (no CPE)
- (no CPE), range: =1.1.1
References
- github.com/advisories/GHSA-94gr-w3q5-rfqr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-65719 (ghsa, ADVISORY)
- www.ox.security/blog/cve-2025-65719-critical-rce-in-kubectl-mcp-server (ghsa, WEB)
- www.ox.security/blog/kubectl-mcp-server-remote-code-execution (nvd, WEB)
- www.ox.security/blog/cve-2025-65719-critical-rce-in-kubectl-mcp-server/ (nvd)