CVE-2025-11490 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2025-11490?

CVE-2025-11490 has a CVSS score of 6.3 (MEDIUM). This CVE describes an OS command injection vulnerability in DesktopCommanderMCP up to version 0.2.13. Attackers can execute arbitrary commands on the system by manipulating the extractBaseCommand function in the Absolute Path Handler component. Users of DesktopCommanderMCP versions 0.2.13 and earlier are affected.

📋 TL;DR

This CVE describes an OS command injection vulnerability in DesktopCommanderMCP up to version 0.2.13. Attackers can execute arbitrary commands on the system by manipulating the extractBaseCommand function in the Absolute Path Handler component. Users of DesktopCommanderMCP versions 0.2.13 and earlier are affected.

💻 Affected Systems

Products:

wonderwhy-er DesktopCommanderMCP

Versions: up to and including 0.2.13

Operating Systems: All platforms where DesktopCommanderMCP runs

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default configuration of affected versions. No special configuration is required for exploitation.

📦 What is this software?

Desktopcommandermcp by Wonderwhy Er

View all CVEs affecting Desktopcommandermcp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing remote attackers to execute arbitrary commands with the privileges of the DesktopCommanderMCP process, potentially leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Limited command execution within the context of the application's permissions, potentially allowing file system access, data exfiltration, or lateral movement within the network.

🟢

If Mitigated

If proper input validation and sandboxing are implemented, impact is limited to the application's restricted execution environment with minimal system access.

🌐 Internet-Facing: MEDIUM - Attack can be performed remotely, but requires specific interaction with the vulnerable component which may not be directly internet-exposed in all deployments.

🏢 Internal Only: HIGH - If deployed internally, attackers with network access could exploit this vulnerability to gain foothold and move laterally within the environment.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit details have been publicly disclosed but no proof-of-concept code is available. Exploitation requires understanding of the command injection vector and access to trigger the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 0.2.13 (check GitHub for latest)

Vendor Advisory: https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218

Restart Required: No

Instructions:

1. Check current version with 'npm list desktopcommandermcp' or similar package manager command. 2. Update to latest version using package manager: 'npm update desktopcommandermcp' or equivalent. 3. Verify update completed successfully.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement strict input validation for command parameters to prevent path traversal and command injection attempts.

Implement validation in command-manager.ts to sanitize all user inputs before processing

Sandbox Execution

all

Run DesktopCommanderMCP with minimal privileges and in a restricted execution environment.

Run as non-privileged user, use containerization, or implement process sandboxing

🧯 If You Can't Patch

Network segmentation: Isolate systems running vulnerable versions from critical network segments
Monitor for suspicious command execution patterns and implement strict logging of all command invocations

🔍 How to Verify

Check if Vulnerable:

Check package.json or run 'npm list desktopcommandermcp' to see if version is 0.2.13 or earlier

Check Version:

npm list desktopcommandermcp | grep desktopcommandermcp

Verify Fix Applied:

After update, verify version is greater than 0.2.13 using 'npm list desktopcommandermcp'

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns, unexpected absolute paths in command parameters, commands with shell metacharacters

Network Indicators:

Unexpected outbound connections from DesktopCommanderMCP process, command and control traffic patterns

SIEM Query:

process.name:"DesktopCommanderMCP" AND (command_line:*".."* OR command_line:*"/"* OR command_line:*"|"* OR command_line:*"&"* OR command_line:*";"*)

📊 Metadata

CVE ID: CVE-2025-11490

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-77

EPSS Score: 0.29% exploit probability (52.2th percentile)

Published: October 8, 2025

Last Updated: December 12, 2025

🔗 References

https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218 Exploit,Issue Tracking,Vendor Advisory
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218#issue-3343855120 Exploit,Issue Tracking,Vendor Advisory
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218#issuecomment-3214135034 Issue Tracking
https://vuldb.com/?ctiid.327609 Permissions Required,VDB Entry
https://vuldb.com/?id.327609 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.668005 Third Party Advisory,VDB Entry
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218 Exploit,Issue Tracking,Vendor Advisory
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218#issue-3343855120 Exploit,Issue Tracking,Vendor Advisory
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218#issuecomment-3214135034 Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11490, you might also want to check these: