CVE-2025-9654
📋 TL;DR
CVE-2025-9654 is a command injection vulnerability in AiondaDotCom mcp-ssh up to version 1.0.3 that allows remote attackers to execute arbitrary commands on affected systems. The vulnerability exists in the server-simple.mjs file and can be exploited without authentication. Organizations using vulnerable versions of mcp-ssh for SSH server functionality are affected.
💻 Affected Systems
- AiondaDotCom mcp-ssh
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining root/system-level access, data exfiltration, ransomware deployment, or complete system takeover.
Likely Case
Unauthorized command execution leading to data theft, service disruption, or lateral movement within the network.
If Mitigated
Limited impact due to network segmentation, least privilege configurations, and proper input validation preventing successful exploitation.
🎯 Exploit Status
Command injection vulnerabilities typically have low exploitation complexity; remote unauthenticated access increases risk.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.4 or 1.1.0
Vendor Advisory: https://github.com/AiondaDotCom/mcp-ssh/commit/cd2566a948b696501abfa6c6b03462cac5fb43d8
Restart Required: Yes
Instructions:
1. Stop the mcp-ssh service.
2. Update the package using npm: npm update @aiondadotcom/mcp-ssh
3. Verify that the installed version is 1.0.4 or higher.
4. Restart the service.
🔧 Temporary Workarounds
Network Access Restriction
Linux: restrict network access to the mcp-ssh service to trusted IPs only (fill in the [SSH_PORT] and [TRUSTED_IP] placeholders for your deployment)
iptables -A INPUT -p tcp --dport [SSH_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [SSH_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all user inputs to the server-simple.mjs component
- Run mcp-ssh service with minimal privileges using a dedicated non-root user account
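The "strict input validation" workaround above is easier to apply with a concrete pattern in hand. The block below is an added example written for this page; it is not the mcp-ssh project's code and not the fix in the linked commit. It shows the generic hardening for command injection in a Node.js wrapper around the ssh client: every caller-supplied value that reaches the command line is allow-listed, and the client is invoked with an argument vector (for use with child_process.execFile or spawn) rather than a shell string, so no local shell ever interprets the input. The regexes, function names and option choices are this example's own assumptions.

```javascript
// Added example, not mcp-ssh project code: generic hardening of an SSH
// wrapper against command injection. Inputs are allow-listed and passed as
// an argv array, never interpolated into a shell command string.

// Hostname labels per RFC 1123, or an IPv4/IPv6 literal. A leading "-" cannot
// match, which also prevents a host value from being parsed as an ssh option.
const HOST_RE = /^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$|^[0-9A-Fa-f:.]+$/;
// Conservative POSIX-style account names (assumption: tighten to your naming policy).
const USER_RE = /^[a-z_][a-z0-9_-]{0,31}$/;

function checkHost(host) {
  if (typeof host !== 'string' || host.length > 253 || !HOST_RE.test(host)) {
    throw new Error('invalid host');
  }
  return host;
}

function checkUser(user) {
  if (typeof user !== 'string' || !USER_RE.test(user)) throw new Error('invalid user');
  return user;
}

function checkPort(port) {
  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error('invalid port');
  return port;
}

// Build the exact argument vector for execFile('ssh', args). The remote command
// is a single argv element: a ";" or "|" inside it is never seen by a local
// shell. What the remote account may run is the remote side's authorisation
// problem, enforced by its own shell and permissions.
function sshInvocation({ host, user, port = 22, command }) {
  if (typeof command !== 'string' || command.length === 0) throw new Error('invalid command');
  const args = [
    '-p', String(checkPort(port)),
    '-o', 'BatchMode=yes',                    // never fall back to interactive prompts
    '--',                                     // end of options: the destination cannot be read as a flag
    `${checkUser(user)}@${checkHost(host)}`,
    command,
  ];
  return { file: 'ssh', args };
}

// For contrast only: the shape that produces command injection, a single
// string handed to a shell (exec / sh -c). It is built here to compare with
// the argv form and is never executed.
function shellStringForComparison({ host, user, command }) {
  return `ssh ${user}@${host} ${command}`;
}

// Usage with Node's child_process.execFile (not run in this example):
//   const { execFile } = require('node:child_process');
//   const { file, args } = sshInvocation({ host: 'host.example', user: 'deploy', command: 'uptime' });
//   execFile(file, args, (err, stdout, stderr) => { /* handle result */ });
console.log(sshInvocation({ host: 'host.example', user: 'deploy', command: 'uptime' }).args);
```

The point of the contrast is where the metacharacters end up: with the shell string they become part of what the shell parses; with the argv form they stay inside one argument that only the remote side ever sees. Host, user and port are rejected outright rather than escaped, because allow-listing is far easier to get right than quoting.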
🔍 How to Verify
Check if Vulnerable:
Check package.json, or run: npm list @aiondadotcom/mcp-ssh (the output lists the package as @aiondadotcom/mcp-ssh@<installed version>)
Check Version:
npm list @aiondadotcom/mcp-ssh
Verify Fix Applied:
Verify that the installed version is 1.0.4 or higher and, if the package was installed from a git checkout, check that commit cd2566a948b696501abfa6c6b03462cac5fb43d8 is present in the git history
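The manual version check above can be automated. The following block is an added example for this page, not code from the mcp-ssh project or from this advisory's source: it parses a version string with semver ordering, compares it against the first fixed release (1.0.4, as stated above), and reads the installed version out of a parsed package-lock.json (lockfile versions 1, 2 and 3). The sample lockfile is constructed; the function names are this example's own.

```javascript
// Added example, not mcp-ssh project code: decide whether an installed
// version of the package falls in the affected range (up to 1.0.3; first
// fixed release 1.0.4, per the advisory text).

const PACKAGE_NAME = '@aiondadotcom/mcp-ssh';
const FIRST_FIXED = '1.0.4';

// Parse "1.0.3", "v1.0.3" or "1.0.4-beta.1" into { core: [maj, min, pat], pre }.
// Build metadata after "+" is ignored; anything that is not semver is rejected
// rather than silently treated as safe.
function parseSemver(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(text).trim());
  if (!m) throw new Error(`not a semver version: ${text}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Semver ordering: major.minor.patch numerically; a pre-release (1.0.4-beta.1)
// sorts before its final release (1.0.4), so a pre-release of the fixed
// version is still reported as unfixed.
function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  if (a.pre && !b.pre) return -1;
  if (!a.pre && b.pre) return 1;
  return 0; // pre-release identifiers are not ordered further here
}

function isVulnerableVersion(installed) {
  return compareSemver(parseSemver(installed), parseSemver(FIRST_FIXED)) < 0;
}

// Read the installed version from a parsed package-lock.json. lockfileVersion 2
// and 3 list packages under "packages" keyed by their node_modules path;
// lockfileVersion 1 lists them under "dependencies" keyed by name.
function installedVersionFromLock(lock, name = PACKAGE_NAME) {
  const entry = lock.packages?.[`node_modules/${name}`] ?? lock.dependencies?.[name];
  return entry?.version ?? null; // null: the package is not in this lockfile
}

function assessLock(lock, name = PACKAGE_NAME) {
  const version = installedVersionFromLock(lock, name);
  if (version === null) return { installed: false, version: null, vulnerable: false };
  return { installed: true, version, vulnerable: isVulnerableVersion(version) };
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '0.0.1' },
    'node_modules/@aiondadotcom/mcp-ssh': { version: '1.0.3' },
  },
};

console.log(assessLock(SAMPLE_LOCK));
// { installed: true, version: '1.0.3', vulnerable: true }
```

To run it against a real project, pass JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) to assessLock. A version string that is not semver (for example a git URL or "latest") throws instead of returning "not vulnerable", which is the safer failure for a scanner.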
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Unexpected process spawns from mcp-ssh service
- Failed authentication attempts followed by successful command execution
Network Indicators:
- Unusual outbound connections from mcp-ssh server
- SSH traffic from unexpected sources
SIEM Query:
source="mcp-ssh" AND (event="command_execution" OR process="unusual_command")
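The "unexpected process spawns from mcp-ssh service" indicator above is the one that can be turned into a mechanical check most directly. The block below is an added example for this page, not part of the advisory or the project: it reads process-start events, finds every process whose ancestry leads back to a node process running server-simple.mjs (the file named in this advisory), and reports any descendant that is not the ssh client family the service is expected to spawn. The key=value event format, the expected-children baseline and the sample events are all assumptions constructed for the example; adapt parseEvent() to what your auditd or EDR pipeline actually emits.

```javascript
// Added example, not part of the advisory: detection logic for process
// spawns under the mcp-ssh service. Event lines are a constructed
// "ts pid=.. ppid=.. comm=.. cmd=.." format, one process start per line.

const SERVICE_MARKER = 'server-simple.mjs';               // file named in the advisory
const EXPECTED_CHILDREN = new Set(['ssh', 'scp', 'sftp']); // assumed legitimate children of an SSH helper
const SHELLS = new Set(['sh', 'bash', 'dash', 'zsh']);

function parseEvent(line) {
  const m = /^(\S+) pid=(\d+) ppid=(\d+) comm=(\S+) cmd=(.*)$/.exec(line);
  if (!m) return null; // lines in other formats are skipped
  return { ts: m[1], pid: Number(m[2]), ppid: Number(m[3]), comm: m[4], cmd: m[5] };
}

const isService = (e) => e.comm === 'node' && e.cmd.includes(SERVICE_MARKER);

// Walk up the parent chain (bounded, in case recycled pids form a loop) and
// return the mcp-ssh service process above `e`, or null if there is none.
function serviceAncestor(e, byPid) {
  let cur = byPid.get(e.ppid);
  for (let depth = 0; cur && depth < 32; depth++) {
    if (isService(cur)) return cur;
    cur = byPid.get(cur.ppid);
  }
  return null;
}

// Every descendant of the service that is not an expected ssh-family child is
// a finding; a shell gets its own reason so it can be routed at higher severity.
function findUnexpectedSpawns(lines) {
  const events = lines.map(parseEvent).filter(Boolean);
  const byPid = new Map(events.map((e) => [e.pid, e]));
  const findings = [];
  for (const e of events) {
    const service = serviceAncestor(e, byPid);
    if (!service) continue;                       // not under mcp-ssh at all
    if (EXPECTED_CHILDREN.has(e.comm)) continue;  // the helper's own legitimate work
    findings.push({
      ts: e.ts, pid: e.pid, comm: e.comm, cmd: e.cmd, servicePid: service.pid,
      reason: SHELLS.has(e.comm) ? 'shell spawned under mcp-ssh' : 'unexpected child of mcp-ssh',
    });
  }
  return findings;
}

// Constructed sample events (not real logs). pids 1215 and 1216 are the
// anomaly: a shell under the service, then a command that is not the ssh client.
const SAMPLE_LINES = [
  '2025-09-01T10:00:00Z pid=1201 ppid=1 comm=node cmd=node /opt/mcp-ssh/server-simple.mjs',
  '2025-09-01T10:00:05Z pid=1210 ppid=1201 comm=ssh cmd=ssh -p 22 deploy@host.example uptime',
  '2025-09-01T10:00:09Z pid=1215 ppid=1201 comm=sh cmd=sh -c ssh deploy@host.example uptime; whoami',
  '2025-09-01T10:00:09Z pid=1216 ppid=1215 comm=whoami cmd=whoami',
  '2025-09-01T10:00:20Z pid=1300 ppid=1 comm=cron cmd=/usr/sbin/cron',
  '2025-09-01T10:00:21Z pid=1301 ppid=1300 comm=sh cmd=sh -c run-parts /etc/cron.hourly',
  'malformed line that the parser ignores',
];

console.log(findUnexpectedSpawns(SAMPLE_LINES));
```

Two tuning notes. First, baseline before alerting: if the version you run invokes the ssh client through a shell, the "shell spawned" finding fires on every legitimate call and the useful signal is the shell's cmd content and the shell's children instead. Second, the cron subtree in the sample is deliberately not reported, because the ancestry walk only attributes processes whose chain actually reaches the service; a flat "any sh -c on the host" rule would drown the indicator in noise.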