CVE-2025-65719

Name of the Vulnerable Software and Affected Versions kubectl-mcp-server versions prior to 1.2.1

Description A command injection issue allows unauthenticated attackers to execute arbitrary system commands on a victim system. This can be achieved by injecting shell metacharacters into unsanitized input fields or through user interaction with a crafted HTML page, potentially granting full control over the underlying host and the Kubernetes cluster.

Recommendations Update to version 1.2.1 or later.