PT-2025-40796 · Samanhappy · Mcphub

Yu Bao · Published 2025-10-05 · Updated 2025-10-07 · CVE-2025-11285

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: samanhappy MCPHub versions up to 0.9.10

Description: A flaw exists in samanhappy MCPHub that allows for remote operating system command injection. The issue is related to the manipulation of the command/args argument within the file src/controllers/serverController.ts. The exploit has been publicly released.

Recommendations: Versions prior to 0.9.10 are affected.

Exploit

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-11285
GHSA-5Q2P-3JG8-2M98

Affected Products

Mcphub