A vulnerability was found in samanhappy MCPHub up to version 0.9.10. This issue affects a specific functionality of the file src/controllers/serverController.ts. The manipulation of the command/args argument results in OS command injection. The attack can be launched remotely. The exploit is public and could be misused. The vendor was contacted regarding this vulnerability but has not responded.
CVE-2025-11285
🟡 Medium
CVE-2025-11285: Remote OS Command Injection in samanhappy MCPHub
A vulnerability in samanhappy MCPHub up to version 0.9.10 allows remote OS command injection through the file src/controllers/serverController.ts.
CVE ID
CVE-2025-11285
CVSS Score
6.3
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11285
- Severity
- Medium
- CVSS v3 Score
- 6.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners