CVE-2025-11202
Published: 29 October 2025
Summary
CVE-2025-11202 is a critical-severity OS Command Injection (CWE-78) vulnerability in win-cli-mcp-server, disclosed through the Zero Day Initiative. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 20.8% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related because the affected package is a Model Context Protocol (MCP) server: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
Deeper analysis
CVE-2025-11202 is a command injection vulnerability in the resolveCommandPath method of win-cli-mcp-server. The flaw stems from insufficient validation of a user-supplied string that is passed directly to a system call, enabling arbitrary command execution. It affects installations of the win-cli-mcp-server package and carries a CVSS 3.0 base score of 9.8 with the CWE-78 classification for OS command injection.
Unauthenticated remote attackers can exploit the issue over the network to execute arbitrary code in the context of the service account. No user interaction or credentials are required, and successful exploitation grants full control over the affected service.
The referenced Zero Day Initiative advisory ZDI-25-930 and the associated GitHub commit document the fix, which adds input validation to the resolveCommandPath implementation. Administrators should update to a corrected version of win-cli-mcp-server, or apply the patch, to eliminate the vulnerability. The EPSS score remains low, with only a modest increase between its current and peak values.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36708
Vulnerability details
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveCommandPath method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27787.
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp
Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; any controls attributed to it are derived only from the weakness type (CWE-78, OS Command Injection) cited in the NVD entry.