CVE-2025-66401 | kapilduraphe mcp-watch up to 0.1.2 cloneRepo githubUrl os command injection (GHSA-27m7-ffhq-jqrm)


A vulnerability was found in kapilduraphe mcp-watch up to 0.1.2. It has been rated as critical. The affected element is the function cloneRepo. The manipulation of the argument githubUrl leads to os command injection.

This vulnerability is uniquely identified as CVE-2025-66401. The attack can be carried out remotely. No exploit exists.

It is suggested to install a patch to address this issue.
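The advisory does not show the code of cloneRepo, so the following is an added example, not mcp-watch's code or its patch: a sketch of how a function that receives a `githubUrl` can avoid this class of bug by validating the URL strictly and running git without a shell. The names `parseGithubUrl`, `buildCloneArgs` and `cloneRepoSafely` are hypothetical, and the accepted URL shape (`https://github.com/<owner>/<repo>`) is an assumption.

```javascript
// Added example: not mcp-watch's code. All names here are hypothetical.
const OWNER_RE = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}$/;
const REPO_RE = /^[A-Za-z0-9._-]{1,100}$/;

// Return a canonical https://github.com/<owner>/<repo>.git URL or throw.
function parseGithubUrl(githubUrl) {
  if (typeof githubUrl !== "string" || githubUrl.length > 300) {
    throw new Error("githubUrl must be a short string");
  }
  // The WHATWG URL parser silently strips tabs and newlines, so reject
  // whitespace and control characters before parsing.
  if (/[\s\x00-\x1f\x7f]/.test(githubUrl)) {
    throw new Error("githubUrl contains whitespace or control characters");
  }
  const u = new URL(githubUrl); // throws on input that is not a URL
  if (u.protocol !== "https:" || u.hostname !== "github.com") {
    throw new Error("only https://github.com/ URLs are accepted");
  }
  if (u.username || u.password || u.port || u.search || u.hash) {
    throw new Error("credentials, port, query and fragment are not accepted");
  }
  const parts = u.pathname.split("/").filter(Boolean);
  if (parts.length !== 2) throw new Error("expected /<owner>/<repo>");
  const owner = parts[0];
  const repo = parts[1].replace(/\.git$/, "");
  if (!OWNER_RE.test(owner) || !REPO_RE.test(repo) || /^\.+$/.test(repo)) {
    throw new Error("owner or repository name has unexpected characters");
  }
  // Rebuild from validated parts instead of passing the raw input on.
  return `https://github.com/${owner}/${repo}.git`;
}

// Argument vector for git; "--" ends option parsing before the URL.
function buildCloneArgs(githubUrl, destDir) {
  return ["clone", "--depth", "1", "--", parseGithubUrl(githubUrl), destDir];
}

// destDir is assumed to be chosen by the caller (e.g. from fs.mkdtemp),
// never derived from githubUrl.
async function cloneRepoSafely(githubUrl, destDir) {
  const args = buildCloneArgs(githubUrl, destDir); // validate before spawning
  const { execFile } = await import("node:child_process");
  const { promisify } = await import("node:util");
  // execFile runs git directly with an argv array: no shell parses the URL.
  await promisify(execFile)("git", args, { timeout: 60_000 });
  return destDir;
}
```

Either control alone narrows the problem; together, the allow-list keeps unexpected values out of git's arguments and the argv-based call keeps any value from being interpreted by a shell.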