Cyber Resilience

CVE-2025-11202

Severity: Critical (RCE)

Published: 29 October 2025
Modified: 15 April 2026
KEV Added: (not listed)
Patch:
CVSS v3.0 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0119 (79.2nd percentile)
Risk priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-11202 is a critical-severity OS Command Injection (CWE-78) vulnerability; the affected vendor is recorded as Zerodayinitiative (inferred from references, since NVD filed no CPE for this CVE). Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 20.8% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.

Deeper analysis

CVE-2025-11202 is a command injection vulnerability in the resolveCommandPath method of win-cli-mcp-server. The flaw stems from insufficient validation of a user-supplied string that is passed directly to a system call, enabling arbitrary command execution. It affects installations of the win-cli-mcp-server package and carries a CVSS 3.0 base score of 9.8 with the CWE-78 classification for OS command injection.

Unauthenticated remote attackers can exploit the issue over the network to execute arbitrary code in the context of the service account. No user interaction or credentials are required, and successful exploitation grants full control over the affected service.

The referenced Zero Day Initiative advisory ZDI-25-930 and the associated GitHub commit document the fix, which adds proper input sanitization to the resolveCommandPath implementation. Administrators should apply the patch or update to the corrected version of win-cli-mcp-server to eliminate the vulnerability. The EPSS score remains low with only a modest increase between its current and peak values.

EU & UK References

Vulnerability details

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveCommandPath method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27787.

CWE(s)

AI Security Analysis

AI category: AI Agent Protocols and Integrations
Risk domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification reason: Matched keywords: mcp

Related Threats

Affected Assets

Zerodayinitiative (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- (addresses CWE-78) Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

- (addresses CWE-78) Validates inputs to block special elements that would alter OS command execution.

References