What is CVE-2025-66404?

CVE-2025-66404 is a medium-severity vulnerability in Flux159 Mcp-server-kubernetes, classified under Command Injection. CVSS score: 6.4/10. Published 2025-12-03.

How severe is CVE-2025-66404?

Medium severity. CVSS v3 base score is 6.4 out of 10.

RCE in Flux159 Mcp-server-kubernetes

CVE-2025-66404

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (55.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H.

Affected products

Flux159 Mcp-server-kubernetes — versions < 2.9.8

Weakness classification (CWE)

CWE-77 — Command Injection

References

https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-wvxp-jp4w-w8wg (x_refsource_CONFIRM)
https://github.com/Flux159/mcp-server-kubernetes/commit/d091107ff92d9ffad1b3c295092f142d6578c48b (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-66404?: CVE-2025-66404 is a medium-severity vulnerability in Flux159 Mcp-server-kubernetes, classified under Command Injection. CVSS score: 6.4/10. Published 2025-12-03.
How severe is CVE-2025-66404?: Medium severity. CVSS v3 base score is 6.4 out of 10.