PT-2025-47331 · Unknown · Mcp Data Science Server

Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-63603

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MCP Data Science Server version 0.1.6

Description

A command injection issue exists in the safe_eval() function (src/mcp_server_ds/server.py:108) of the software. The function uses Python's exec() to run scripts provided by users, but it does not limit the __builtins__ dictionary within the globals parameter. When __builtins__ is not explicitly defined, Python grants access to all built-in functions, including __import__, exec, eval, and open. This allows an attacker to execute arbitrary Python code with full system privileges, potentially leading to complete system compromise. The issue can be exploited by submitting a malicious script to the run_script tool, which does not require authentication or special privileges.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the safe_eval() function until a patch is available. Restrict access to the run_script tool to minimize the risk of exploitation.
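The behaviour described above can be checked without running anything harmful. The following is an added example, not code from MCP Data Science Server: it probes which of the built-ins named in the description resolve inside exec() for a given globals dictionary, and runs a script with an explicit allowlist. The names reachable_builtins, run_restricted and ALLOWED are hypothetical, and the allowlist contents are an assumption.

```python
# Added illustration; reachable_builtins, run_restricted and ALLOWED are
# hypothetical names, not taken from MCP Data Science Server.

# Built-ins the advisory names as reachable when __builtins__ is undefined.
RISKY = ("__import__", "exec", "eval", "open")

# Assumed allowlist for simple numeric scripts (constructed for this example).
ALLOWED = {"len": len, "sum": sum, "min": min, "max": max, "range": range}


def reachable_builtins(globals_dict, names=RISKY):
    """Return the entries of `names` that code exec()'d with globals_dict can resolve."""
    found = []
    for name in names:
        ns = dict(globals_dict)  # copy: exec() inserts __builtins__ into its dict
        try:
            exec(f"_probe = {name}", ns)  # only looks the name up, never calls it
        except NameError:
            continue
        found.append(name)
    return found


def run_restricted(script, variables):
    """exec() a script with an explicit __builtins__ allowlist; return its namespace."""
    ns = {"__builtins__": dict(ALLOWED), **variables}
    exec(script, ns)
    return ns


if __name__ == "__main__":
    # Globals without __builtins__: the pattern the advisory describes.
    print(reachable_builtins({}))
    # Globals with __builtins__ pinned to an explicit dictionary.
    print(reachable_builtins({"__builtins__": dict(ALLOWED)}))
    # Allowlisted names still work for ordinary computation.
    print(run_restricted("total = sum(data)", {"data": [1, 2, 3]})["total"])
```

An explicit __builtins__ only narrows name resolution inside exec(); it is not a process-level sandbox, so the recommendation to restrict access to the run_script tool still applies.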

Exploit

Fix

Weakness Enumeration: Command Injection

Related Identifiers: CVE-2025-63603

Affected Products: Mcp Data Science Server