{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69902", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-17T14:01:39.958Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T20:40:52.491Z"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/rohitg00/kubectl-mcp-server"}, {"url": "https://pypi.org/project/kubectl-mcp-tool"}, {"url": "https://github.com/rohitg00/kubectl-mcp-server/blob/main/kubectl_mcp_tool/minimal_wrapper.py"}, {"url": "https://asec.ahnlab.com/ko/92922/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T14:00:05.668581Z", "id": "CVE-2025-69902", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:01:39.958Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69902", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-17T14:00:05.668581Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:00:36.634Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/rohitg00/kubectl-mcp-server"}, {"url": "https://pypi.org/project/kubectl-mcp-tool"}, {"url": "https://github.com/rohitg00/kubectl-mcp-server/blob/main/kubectl_mcp_tool/minimal_wrapper.py"}, {"url": "https://asec.ahnlab.com/ko/92922/"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T20:40:52.491Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69902", "state": "PUBLISHED", "dateUpdated": "2026-03-17T14:01:39.958Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el componente minimal_wrapper.py de kubectl-mcp-server v1.2.0 permite a los atacantes ejecutar comandos arbitrarios mediante la inyecci\u00f3n de metacaracteres de shell arbitrarios."}], "id": "CVE-2025-69902", "lastModified": "2026-04-27T19:18:46.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-16T21:16:17.700", "references": [{"source": "cve@mitre.org", "url": "https://asec.ahnlab.com/ko/92922/"}, {"source": "cve@mitre.org", "url": "https://github.com/rohitg00/kubectl-mcp-server"}, {"source": "cve@mitre.org", "url": "https://github.com/rohitg00/kubectl-mcp-server/blob/main/kubectl_mcp_tool/minimal_wrapper.py"}, {"source": "cve@mitre.org", "url": "https://pypi.org/project/kubectl-mcp-tool"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.2.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "kubectl-mcp-server", "vendor": "rohitg00"}], "analysis": {"en": {"generated_at": "2026-03-17T16:50:32.352094+00:00", "value": {"mitigation_remediation": ["Upgrade kubectl-mcp-server to the latest release or apply any vendor\u2011issued patch.", "If upgrading is not immediately possible, disable or remove the minimal_wrapper.py component to eliminate the vulnerable entry point.", "Implement strict input validation or sandboxing around the execution of shell commands if the wrapper must remain operational.", "Enforce least privileged execution for any remaining disabled or unchanged components to mitigate potential exploitation."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is kubectl-mcp-server version 1.2.0, particularly the minimal_wrapper.py module used for command execution. Systems running this version and exploiting the minimal wrapper are susceptible; no vendor/product mapping was provided by the CNA.", "description_and_impact": "A command injection vulnerability is present in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0. The flaw allows an attacker to inject arbitrary shell metacharacters, permitting the execution of any command on the host where the wrapper runs. This represents a high\u2011severity remote code execution risk, as depicted by a CVSS score of 9.8, and can compromise system confidentiality, integrity, and availability.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.8 and an EPSS score of less than 1\u202f%, indicating low probability of exploitation but high impact. It is not listed in the CISA KEV catalog. The likely attack vector is local or network-based access to the wrapper script that can inject shell metacharacters; this inference is made based on the description of arbitrary command execution. Exploitation requires the ability to supply input to the wrapper, after which the injected shell metacharacters are executed by the operating system."}}}}, "created": "2026-03-17T09:55:25.507720+00:00", "title": "Command Injection in kubectl\u2011mcp-server Minimal Wrapper Vulnerability", "updated": "2026-03-23T14:00:57.308014+00:00", "vendors": ["rohitg00", "rohitg00$PRODUCT$kubectl-mcp-server"]}