EUVD-2025-36708

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2025-11202

CVE-2025-11202 relates to win-cli-mcp-server. The issue is in the resolveCommandPath function where a user-supplied string is used to invoke a system call without proper validation, enabling a remote command execution (RCE). The exploit is unauthenticated and would execute code in the service acc...

Windows CLI MCP Server 操作系统命令注入漏洞

Windows CLI MCP Server is a context protocol server for Simon Benedict Individual Developer. An operating system command injection vulnerability exists in Windows CLI MCP Server that stems from the resolveCommandPath method not properly validating a user input string, which could lead to remote...

PT-2025-40609

Name of the Vulnerable Software and Affected Versions win-cli-mcp-server affected versions not specified Description The software contains a command injection flaw within the resolveCommandPath function. This allows for remote code execution. The issue was discovered by Peter Girnus of Trend...