CVE-2025-9654 | AiondaDotCom mcp-ssh up to 1.0.3 server-simple.mjs command injection

August 29, 2025 Yanac

A vulnerability, which was classified as critical, has been found in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection.

This vulnerability is identified as CVE-2025-9654. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More