How to fix CVE-2025-66401?

Within 24 hours: Identify all systems running MCP Watch 0.1.2 or earlier and isolate them from production networks if possible; disable the cloneRepo functionality if the application supports feature toggles. Within 7 days: Apply the available patch to all affected instances and validate successful deployment. Within 30 days: Conduct a forensic review of logs to determine if the vulnerability was exploited, and implement input validation testing in your security scanner deployment pipeline.

Is Command Injection affected by CVE-2025-66401?

MCP Watch versions 0.1.2 and earlier contain a critical command injection vulnerability that allows attackers to execute arbitrary code on systems running this security scanner.

CVE-2025-66401

EUVD-2025-200116 CRITICAL

2025-12-01 [email protected]

GHSA-27m7-ffhq-jqrm

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200116

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

Patch Released

Mar 15, 2026 - 13:34 nvd

Patch available

PoC Detected

Feb 06, 2026 - 16:34 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 23:15 nvd

CRITICAL 9.8

Description

MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.

Analysis

Technical Context

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

Affected Products

Affected products: Kapilduraphe Mcp Watch

Remediation

A vendor patch is available — apply it immediately. Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.3

CVSS: +49

POC: +20

CVE-2025-66401 vulnerability details – vuln.today

Back

CVE-2025-66401

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-66401

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code