CVE-2025-53372
📋 TL;DR
CVE-2025-53372 is a command injection vulnerability in node-code-sandbox-mcp that allows attackers to execute arbitrary system commands on the host machine. This bypasses the Docker sandbox protection and enables remote code execution under the server process privileges. Anyone running node-code-sandbox-mcp versions before 1.3.0 is affected.
💻 Affected Systems
- node-code-sandbox-mcp
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the host system with attacker gaining the same privileges as the node-code-sandbox-mcp server process, potentially leading to lateral movement, data exfiltration, or complete system takeover.
Likely Case
Remote code execution allowing attackers to run arbitrary commands, install malware, access sensitive data, or pivot to other systems on the network.
If Mitigated
Limited impact if proper network segmentation, least privilege principles, and input validation are implemented, though the vulnerability still presents significant risk.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it involves command injection via unsanitized input to child_process.execSync. No authentication is required if the service is exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.0
Vendor Advisory: https://github.com/alfonsograziano/node-code-sandbox-mcp/security/advisories/GHSA-5w57-2ccq-8w95
Restart Required: Yes
Instructions:
1. Update node-code-sandbox-mcp to version 1.3.0 or later using npm update node-code-sandbox-mcp.
2. Restart the MCP server.
3. Verify the fix by checking the version and testing input validation.
🔧 Temporary Workarounds
Input Validation and Sanitization
Platform: all
Implement strict input validation and sanitization for all parameters passed to child_process.execSync
// Example: Use child_process.execFileSync with proper argument handling
// const { execFileSync } = require('child_process');
// const args = sanitizedArgs;
// execFileSync('command', args);
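The difference between the shell-string call and the argument-array call suggested above, shown as an added example that is not code from node-code-sandbox-mcp. The function names, the identifier pattern and the sample input are assumptions, and echo stands in for the container CLI on a POSIX host.

```javascript
// Added example: constructed names and input, not the project's own code.
const { execSync, execFileSync } = require('child_process');

// Harmless stand-in binary; a real server would invoke its container CLI here.
const BIN = 'echo';

// Vulnerable pattern: the value is spliced into a string that /bin/sh parses,
// so shell metacharacters inside it become shell syntax.
function runViaShell(containerId) {
  return execSync(`${BIN} stop ${containerId}`, { encoding: 'utf8' }).trim();
}

// Hardened pattern: no shell is involved; each array element reaches the
// program as exactly one argv entry, whatever characters it contains.
function runViaArgv(containerId) {
  return execFileSync(BIN, ['stop', containerId], { encoding: 'utf8' }).trim();
}

// Defence in depth: allow-list the identifier shape before using it at all.
// Assumed format: letters, digits, "_", "." and "-", 1 to 64 long, no leading dash.
const ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/;

function stopContainer(containerId) {
  if (typeof containerId !== 'string' || !ID_PATTERN.test(containerId)) {
    throw new TypeError('invalid container id');
  }
  return runViaArgv(containerId);
}

// Constructed input carrying a shell separator and a harmless marker command.
const SAMPLE = 'abc123; echo INJECTED';

function demo() {
  return {
    shell: runViaShell(SAMPLE), // the shell ran two commands
    argv: runViaArgv(SAMPLE),   // one command ran, input passed through verbatim
    valid: stopContainer('abc123'),
  };
}

console.log(demo());
```
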
Network Access Restriction
Platform: linux
Restrict network access to the node-code-sandbox-mcp server to trusted sources only
# Example iptables rule to restrict access
iptables -A INPUT -p tcp --dport <PORT> -s <TRUSTED_IP> -j ACCEPT
iptables -A INPUT -p tcp --dport <PORT> -j DROP
🧯 If You Can't Patch
- Isolate the vulnerable system in a separate network segment with strict firewall rules
- Implement application-level input validation and sanitization for all user inputs
🔍 How to Verify
Check if Vulnerable:
Check the package.json file or run npm list node-code-sandbox-mcp to see whether the installed version is below 1.3.0
Check Version:
npm list node-code-sandbox-mcp | grep node-code-sandbox-mcp
Verify Fix Applied:
Verify the installed version is 1.3.0 or higher and test that command injection attempts are properly rejected
📡 Detection & Monitoring
Log Indicators:
- Unusual child process executions from node-code-sandbox-mcp
- Error messages related to command execution failures
- Suspicious command strings in application logs
Network Indicators:
- Unexpected outbound connections from the node-code-sandbox-mcp server
- Traffic patterns indicating command and control activity
SIEM Query:
source="node-code-sandbox-mcp" AND (process_execution OR command_injection)