CVE-2025-5277

Summary

aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.

Affected Software

VendorProductVersion RangeStatus
alexei-ledaws-mcp-server0 < 1.3.0affected

Weaknesses

  • CWE-78: OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References