PT-2025-54216 · Serverless · Serverless Framework+1

Dellalibera · Published 2025-12-30 · Updated 2026-01-28 · CVE-2025-69256

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Serverless Framework versions 4.29.0 through 4.29.2

Description: The Serverless Framework is a framework for building applications on AWS Lambda and other managed cloud services. A command injection issue exists in the framework's built-in MCP server package (@serverless/mcp). It affects only users of the experimental MCP server feature, representing less than 0.1% of Serverless Framework users; the core Serverless Framework CLI and deployment functionality are not affected. The issue stems from the unsanitized use of input parameters in a call to child_process.exec: the server builds shell commands from unvalidated user input and hands them to a shell, so shell metacharacters such as |, > and && in that input are interpreted as command syntax, allowing an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution with the privileges of the server process.

Recommendations: Update to Serverless Framework version 4.29.3 or later.

Tags: Exploit · Fix · RCE · Command Injection

Related Identifiers

CVE-2025-69256
GHSA-RWC2-F344-Q6W6

Affected Products

@serverless/mcp
Serverless Framework