CVE-2025-54073 – A command injection vulnerability in mcp-packag... (How to Fix)

Q: What is the severity of CVE-2025-54073?

CVE-2025-54073 has a CVSS score of 7.5 (HIGH). A command injection vulnerability in mcp-package-docs MCP Server allows attackers to execute arbitrary system commands via unsanitized user input in child_process.exec calls. This affects all users running vulnerable versions of the mcp-package-docs server, potentially leading to remote code execution with server process privileges.

📋 TL;DR

A command injection vulnerability in mcp-package-docs MCP Server allows attackers to execute arbitrary system commands via unsanitized user input in child_process.exec calls. This affects all users running vulnerable versions of the mcp-package-docs server, potentially leading to remote code execution with server process privileges.

💻 Affected Systems

Products:

mcp-package-docs MCP Server

Versions: All versions prior to 0.1.27

Operating Systems: All operating systems where mcp-package-docs runs

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default configuration as it stems from improper input sanitization in core functionality.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the mcp-package-docs server process, potentially leading to data theft, lateral movement, or complete system takeover.

🟠

Likely Case

Remote code execution allowing attackers to run arbitrary commands, install malware, exfiltrate data, or pivot to other systems on the network.

🟢

If Mitigated

Limited impact with proper network segmentation and least privilege configurations, potentially only affecting the isolated server process.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or compromised internal systems, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is straightforward to exploit as it involves simple command injection via shell metacharacters. Public advisories and commit details provide enough information for attackers to craft exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.27 (fixed in commit cb4ad49615275379fd6f2f1cf1ec4731eec56eb9), upgrade to 0.1.28 recommended

Vendor Advisory: https://github.com/advisories/GHSA-3q26-f695-pp76

Restart Required: Yes

Instructions:

1. Stop the mcp-package-docs server. 2. Update to version 0.1.28 or later using npm: 'npm update mcp-package-docs'. 3. Restart the server. 4. Verify the fix by checking the version and testing with known exploit patterns.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and sanitization for all user-provided parameters before they reach the vulnerable child_process.exec calls.

Use child_process.execFile Instead

all

Replace child_process.exec with child_process.execFile to avoid shell interpretation of metacharacters.

🧯 If You Can't Patch

Implement strict network access controls to limit server exposure to trusted sources only.
Run the server with minimal privileges using a dedicated, low-privilege user account.

🔍 How to Verify

Check if Vulnerable:

Check if mcp-package-docs version is below 0.1.27 by examining package.json or running 'npm list mcp-package-docs'.

Check Version:

npm list mcp-package-docs | grep mcp-package-docs

Verify Fix Applied:

Confirm version is 0.1.27 or higher and test with input containing shell metacharacters to ensure they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns in server logs
Shell metacharacters in input parameters
Unexpected child process spawns

Network Indicators:

Unusual outbound connections from the server process
Command and control traffic patterns

SIEM Query:

process.name: 'node' AND process.args: '*mcp-package-docs*' AND (process.args: '*|*' OR process.args: '*>*' OR process.args: '*&&*' OR process.args: '*`*')

📊 Metadata

CVE ID: CVE-2025-54073

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 0.14% exploit probability (34.2th percentile)

Published: July 18, 2025

Last Updated: July 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-54073, you might also want to check these: