CVE-2025-53100
Published: 01 July 2025
Summary
CVE-2025-53100 is a high-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 16.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain; MITRE ATLAS techniques in scope: Command and Scripting Interpreter (AML.T0050), LLM Prompt Injection (AML.T0051).
Deeper analysis
RestDB's Codehooks.io MCP Server, an MCP server component on the Codehooks.io platform, is affected by a command injection vulnerability (CWE-78) in versions prior to 0.2.2. The flaw stems from insecure definition and implementation of certain MCP Server tools, allowing injection of operating system commands.
An unauthenticated remote attacker can trigger the issue via a user-initiated interaction with a running MCP Server instance, achieving full control over host commands with high impact to confidentiality, integrity, and availability. The CVSS 4.0 vector reflects network attack reachability, low complexity, and no required privileges.
The vulnerability has been addressed in version 0.2.2, as documented in the project's GitHub security advisory GHSA-fhq6-jf5q-qxvq and the associated commits that remediate the affected tool implementations. The EPSS score remains low with negligible movement between its current value of 0.0181 and recorded peak of 0.0197.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-19660
Vulnerability details
RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools…
more
definition and implementation. This could result in a user initiated remote command injection attack on a running MCP Server. This issue has been patched in version 0.2.2.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The command injection vulnerability enables remote arbitrary command execution on the MCP server (T1059: Command and Scripting Interpreter) via exploitation of a public-facing application (T1190: Exploit Public-Facing Application).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.