{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:19:08.269","vulnerabilities":[{"cve":{"id":"CVE-2025-53355","sourceIdentifier":"security-advisories@github.com","published":"2025-07-08T20:15:30.020","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0."},{"lang":"es","value":"MCP Server Kubernetes es un servidor MCP que puede conectarse a un clúster de Kubernetes y administrarlo. Existe una vulnerabilidad de inyección de comandos en el servidor MCP mcp-server-kubernetes. Esta vulnerabilidad se debe al uso no autorizado de parámetros de entrada en una llamada a child_process.execSync, lo que permite a un atacante inyectar comandos arbitrarios del sistema. Una explotación exitosa puede provocar la ejecución remota de código con los privilegios del proceso del servidor. Esta vulnerabilidad se corrigió en la versión 2.5.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514","source":"security-advisories@github.com"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q","source":"security-advisories@github.com"},{"url":"https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9","source":"security-advisories@github.com"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}