Cyber Resilience

CVE-2025-61489

MediumPublic PoC

Published: 07 January 2026

Published
07 January 2026
Modified
29 January 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score 0.0456 89.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-61489 is a medium-severity Command Injection (CWE-77) vulnerability in Sonirico Mcp-Shell. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-61489 is a command injection vulnerability (CWE-77) affecting the shell_exec function in sonirico mcp-shell version 0.3.1. Published on 2026-01-07, it allows attackers to execute arbitrary commands by supplying a crafted command string. The vulnerability carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), indicating network accessibility with low attack complexity.

Unauthenticated remote attackers can exploit this vulnerability over the network without requiring user interaction or privileges. Exploitation involves crafting a malicious command string that triggers arbitrary command execution via shell_exec, potentially leading to limited impacts on confidentiality and integrity, such as unauthorized access to certain data or modifications, while availability remains unaffected.

Mitigation details and patches are referenced in the project's GitHub repository at https://github.com/sonirico/mcp-shell and the associated issue tracker at https://github.com/sonirico/mcp-shell/issues/4. Security practitioners should review these sources for updates, workarounds, or remediation steps specific to the affected version.

EU & UK References

Vulnerability details

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection in publicly accessible shell_exec directly enables remote exploitation of a public-facing app (T1190) and arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4048Shared CWE-77
CVE-2026-31059Shared CWE-77
CVE-2026-7416Shared CWE-77
CVE-2026-22284Shared CWE-77
CVE-2024-39783Shared CWE-77
CVE-2024-57583Shared CWE-77
CVE-2026-46368Shared CWE-77
CVE-2024-39781Shared CWE-77
CVE-2024-39367Shared CWE-77
CVE-2026-3518Shared CWE-77

Affected Assets

sonirico
mcp-shell
0.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents command injection by validating and sanitizing crafted command strings supplied to the shell_exec function.

prevent

Addresses the specific flaw in sonirico mcp-shell v0.3.1 by timely remediation through vendor patches or updates from the GitHub repository.

prevent

Limits the scope and impact of arbitrary commands executed via injection by enforcing least privilege on processes handling shell_exec.

References