CVE-2025-11285

A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Oct 5, 2025
Updated: Oct 10, 2025
CVE: CVE-2025-11285
GHSA: GHSA-5q2p-3jg8-2m98
Severity: Low
Exploit:

No technical information available.

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
@samanhappy / mcphub	-	0.9.10.x

https://github.com/August829/YU1/issues/6
https://vuldb.com/?ctiid.327043
https://vuldb.com/?id.327043
https://vuldb.com/?submit.659734

Vulnerability Database

CVE-2025-11285

Deep Security Visibility Without the Complexity