CVE-2025-11491
Published: 08 October 2025
Summary
CVE-2025-11491 is a medium-severity Command Injection (CWE-77) vulnerability in Wonderwhy-Er Desktopcommandermcp. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 37.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Remediating the specific flaw in the CommandManager function of src/command-manager.ts by patching to a version beyond 0.2.13 directly eliminates the OS command injection vulnerability.
Validating all inputs to the CommandManager function ensures malicious payloads are rejected, comprehensively preventing OS command injection exploits.
Restricting inputs to the CommandManager to only authorized, safe command types and formats blocks injection attempts remotely over the network.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an OS command injection issue, directly enabling arbitrary command execution via Command and Scripting Interpreter (T1059).
NVD Description
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been…
more
made public and could be used.
Deeper analysisAI
CVE-2025-11491 is an OS command injection vulnerability affecting wonderwhy-er DesktopCommanderMCP up to version 0.2.13. The flaw resides in the CommandManager function within the src/command-manager.ts file, where manipulation enables attackers to inject operating system commands. It is classified under CWE-77 and CWE-78, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity due to network accessibility and low complexity.
Attackers with low privileges can exploit this remotely without user interaction by manipulating the vulnerable function, leading to OS command injection. Successful exploitation results in limited impacts on confidentiality, integrity, and availability, such as potential data exposure, modification, or disruption on the affected system.
Advisories detail the issue in GitHub repository issues at https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/217 and https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/217#issue-3343853704, alongside VulDB entries including https://vuldb.com/?ctiid.327610, https://vuldb.com/?id.327610, and https://vuldb.com/?submit.668006. The exploit has been made public and could be used.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- No AI-related keywords detected.