
DesktopCommanderMCP CVE-2025-11491

Severity: LOW
Weakness: Command Injection (CWE-77)
Published: 2025-10-08 (CNA: cna@vuldb.com)
Score: 2.1 (CVSS 4.0, NVD)

Severity by source

NVD (primary): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD; only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Apr 29, 2026 - 02:04 (vuln.today)

Description (CVE.org)

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in OS command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Analysis (AI)

OS command injection in DesktopCommanderMCP up to version 0.2.13 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the CommandManager function in src/command-manager.ts. The vulnerability has a low CVSS score (2.1) because it requires authentication and has limited scope. Publicly available exploit code exists, but the low EPSS score (0.14th percentile) suggests that real-world exploitation risk is minimal despite the public POC.

Technical Context (AI)

DesktopCommanderMCP is a Model Context Protocol server implementation that manages command execution. The vulnerability exists in the CommandManager function within src/command-manager.ts, which handles OS command invocation. CWE-77 (Improper Neutralization of Special Elements used in a Command) indicates the function fails to properly sanitize or validate user-supplied input before passing it to OS command execution routines. This allows an authenticated user to inject shell metacharacters or command sequences that are interpreted by the underlying operating system shell rather than treated as literal arguments.

Remediation (AI)

Upgrade DesktopCommanderMCP to a version newer than 0.2.13 once one is available from the wonderwhy-er GitHub repository. If an upgrade is not immediately available, implement input validation and sanitization in the CommandManager function to reject or escape shell metacharacters (such as pipes, redirects, semicolons, backticks, and dollar-sign substitutions) before passing user input to OS command execution routines. Additionally, restrict DesktopCommanderMCP access to trusted authenticated users only, and consider running the application with minimal OS privileges (a separate service account with no shell access or sudo rights) to limit the blast radius if command injection is exploited. Monitor the official GitHub repository at https://github.com/wonderwhy-er/DesktopCommanderMCP for patch releases, particularly version 0.2.14 or later.


CVE-2025-11491 vulnerability details – vuln.today
