CVE-2025-53372

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

CVE-2025-53372

creationtimestamp| type| source ---|---|--- 2025-07-08 06:35:04+00:00| published-proof-of-concept| https://github.com/alfonsograziano/node-code-sandbox-mcp/security/advisories/GHSA-5w57-2ccq-8w95...

PT-2025-28473 · Unknown · Node-Code-Sandbox-Mcp

Name of the Vulnerable Software and Affected Versions: node-code-sandbox-mcp versions prior to 1.3.0 Description: The issue is caused by the unsanitized use of input parameters within a call to child process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitati...