CVE-2025-11285 | samanhappy MCPHub up to 0.9.10 serverController.ts command/args os command injection

A vulnerability, which was classified as critical, was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection.

This vulnerability is reported as CVE-2025-11285. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More