CVE-2025-11285
Published: 05 October 2025
Summary
CVE-2025-11285 is a medium-severity Command Injection (CWE-77) vulnerability in Mcphubx Mcphub. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE is ranked in the top 47.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Not Applicable risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents OS command injection by requiring validation and sanitization of the vulnerable command/args inputs in serverController.ts.
Mandates timely identification, reporting, and remediation of the unpatched OS command injection flaw in MCPHub up to 0.9.10.
Enforces least privilege on low-privilege (PR:L) users and server processes to limit the scope and impact of arbitrary OS commands executed via injection.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The OS command injection vulnerability (CWE-78) in MCPHub's serverController.ts enables remote arbitrary command execution via unsanitized command/args, mapping to T1059 (Command and Scripting Interpreter), T1190 (Exploit Public-Facing Application) for remote exploitation of the web/API service, and T1202 (Indirect Command Execution) as noted in the advisory.
NVD Description
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-11285 is an OS command injection vulnerability (CWE-77, CWE-78) in samanhappy MCPHub versions up to 0.9.10. The issue affects unknown functionality within the file src/controllers/serverController.ts, where manipulation of the command/args argument enables command injection.
The vulnerability allows remote exploitation (AV:N) with low attack complexity (AC:L) by users with low privileges (PR:L) and no user interaction (UI:N), resulting in unchanged scope (S:U). Successful attacks can achieve low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), as reflected in its CVSS v3.1 base score of 6.3.
References from VulDB and a GitHub issue (https://github.com/August829/YU1/issues/6) detail the vulnerability disclosure, noting that the vendor was contacted early but provided no response. No patches or specific mitigations are mentioned in the available advisories.
The exploit has been made public, increasing the risk of exploitation in affected environments.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Not Applicable
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: The vulnerability is a standard OS command injection (CWE-78) in a TypeScript server controller of MCPHub, a general-purpose server management tool for spawning processes via stdio servers. No keywords, references, or context indicate involvement with AI, machine learning, deep learning, NLP, computer vision, models, agents, or any listed AI categories. MCPHub appears to be a non-AI software hub without AI-specific functionality.