CNNVD-202510-3950 Information

CNNVD ID

CNNVD-202510-3950

CVE-2025-11202

  • CNNVD Published: 2025-10-29

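Description (translated from Chinese)

Windows CLI MCP Server is a context protocol server by individual developer Simon Benedict. Windows CLI MCP Server contains an operating system command injection vulnerability. The vulnerability stems from the resolveCommandPath method not correctly validating user-supplied strings, and may lead to remote code execution.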

Description (English)

Windows CLI MCP Server is a context protocol server developed by Simon Benedict, an individual developer. Windows CLI MCP Server has an operating system command injection vulnerability, which results from the resolveCommandPath method failing to correctly validate user input strings and may result in remote code execution.

Hazard Level

Low

Vulnerability Type

Operating system command injection

Affected Vendor

Individual developer

Published

2025-10-29

Last Modified

2026-02-24

References

https://github.com/simon-ami/win-cli-mcp-server/commit/521b4a34190d03bde7d433d213c36357181a6d09

https://www.zerodayinitiative.com/advisories/ZDI-25-930/

Patch

https://github.com/simon-ami/win-cli-mcp-server/commit/521b4a34190d03bde7d433d213c36357181a6d09
