What is the CVSS score of CVE-2025-66404?

CVE-2025-66404 has a CVSS 3.1 base score of 6.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Kubernetes are affected by CVE-2025-66404?

Organizations using MCP Server Kubernetes should be aware of moderate risk from CVE-2025-66404, a command injection vulnerability rated CVSS 6.4.. A patch is available.

Is there a public PoC exploit available for CVE-2025-66404?

Yes, a public proof-of-concept exploit is available for CVE-2025-66404. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-66404?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Kubernetes CVE-2025-66404

EUVD-2025-201109 MEDIUM

Command Injection (CWE-77)

2025-12-03 security-advisories@github.com

GHSA-wvxp-jp4w-w8wg

Kubernetes Command Injection Mcp Server Kubernetes

6.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201109

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

Patch released

Mar 15, 2026 - 16:14 nvd

Patch available

PoC Detected

Dec 16, 2025 - 19:07 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 21:15 nvd

MEDIUM 6.4

DescriptionNVD

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Analysis

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells.

RemediationAI

A vendor patch is available — apply it immediately. Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

CVE-2025-66404 vulnerability details – vuln.today

Back

Kubernetes CVE-2025-66404

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code