CVE-2025-11491
Published: 08 October 2025
Summary
CVE-2025-11491 is a low-severity Command Injection (CWE-77) vulnerability in wonderwhy-er DesktopCommanderMCP. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 41.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
A vulnerability identified as CVE-2025-11491 affects wonderwhy-er DesktopCommanderMCP versions up to 0.2.13. The issue resides in the CommandManager function within src/command-manager.ts, where improper handling of input enables OS command injection. The flaw is remotely exploitable and has been publicly disclosed, corresponding to CWE-77 and CWE-78.
An authenticated remote attacker with limited privileges can supply crafted input to the affected function, resulting in execution of arbitrary operating system commands. The CVSS 4.0 score of 2.1 reflects low overall impact limited to partial effects on confidentiality, integrity, and availability within the local scope, with no effect on subsequent systems.
EPSS probability rose from a low baseline to a peak of 0.0177 on 2025-12-11 before receding to the current value of 0.0037, indicating a period of increased exploitation interest following public disclosure. The referenced GitHub issues and Vuldb entries document the finding but do not detail specific patches or mitigations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-33289
Vulnerability details
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in OS command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an OS command injection issue, directly enabling arbitrary command execution via Command and Scripting Interpreter (T1059).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and sanitization of all inputs to CommandManager before they reach OS command execution, blocking the injection vector in src/command-manager.ts.
- AC-6 (Least Privilege): enforces a least-privilege execution context so that even a successful command injection yields only the limited C/I/A impact described in the CVSS vector.
- CM-7 (Least Functionality): restricts the system to least functionality, disabling or sandboxing the shell/command features that DesktopCommanderMCP exposes and thereby reducing the attack surface for remote injection.
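The SI-10 control above, illustrated as an added example that is not DesktopCommanderMCP's code: a validation layer a command manager can put in front of OS command execution, rejecting shell metacharacters and enforcing a hypothetical allow-list of executables with per-tool argument rules, so the result can be passed to `child_process.execFile` (argument vector, no shell) instead of being interpolated into a shell string.

```typescript
// Added example, not DesktopCommanderMCP's code. The allow-list and the
// per-tool argument rules below are a constructed policy for illustration.
// Unsafe pattern this replaces: exec(`${userInput}`) through a shell, where
// characters such as ';' or '$(...)' let the caller append further commands.
// Safe pattern: validateCommand(), then execFile(argv[0], argv.slice(1)).

type Validated =
  | { ok: true; argv: string[] }
  | { ok: false; reason: string };

// Characters that carry control-flow or expansion meaning for a shell.
const SHELL_METACHARS = /[;&|`$<>(){}\\\n\r"'*?]/;

// Per-executable argument policy (constructed for this example).
const POLICY = new Map<string, (args: string[]) => boolean>([
  ["ls", () => true],
  // cat: no options, so flags cannot be smuggled in as file names.
  ["cat", (args) => args.every((a) => !a.startsWith("-"))],
  // git: read-only subcommands only; this also blocks `git -c ...` tricks.
  ["git", (args) => ["status", "log", "diff"].includes(args[0] ?? "")],
]);

function validateCommand(raw: string): Validated {
  if (raw.length === 0 || raw.length > 1024) {
    return { ok: false, reason: "empty or oversized input" };
  }
  if (SHELL_METACHARS.test(raw)) {
    return { ok: false, reason: "shell metacharacter in input" };
  }
  // Tokenize on whitespace; newlines were already rejected above.
  const argv = raw.trim().split(/\s+/).filter((t) => t.length > 0);
  if (argv.length === 0) return { ok: false, reason: "empty command" };
  const exe = argv[0] ?? "";
  // Bare names only: the allow-list must not be bypassed via ./tool or /bin/sh.
  if (exe.includes("/") || exe.includes("..")) {
    return { ok: false, reason: "path in executable name" };
  }
  const argsOk = POLICY.get(exe);
  if (argsOk === undefined) {
    return { ok: false, reason: `executable not on allow-list: ${exe}` };
  }
  if (!argsOk(argv.slice(1))) {
    return { ok: false, reason: `arguments rejected by policy for ${exe}` };
  }
  return { ok: true, argv };
}
```

The `argv` returned on success is meant for `execFile`/`spawn` without `shell: true`; routing it through `exec` or a shell would reintroduce the injection surface the check is meant to close.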