Security Update Advisory for kubectl-mcp-server Command Injection Vulnerability (CVE-2025-69902)
Overview
A security update has been made available to address a Command Injection vulnerability in the kubectl-mcp-server project. Users of affected versions are advised to update to the latest version.
Affected Products
- kubectl-mcp-server
- Vulnerable component: kubectl_mcp_tool/minimal_wrapper.py
- Vulnerable versions: kubectl-mcp-tool 1.1.1 and earlier
Resolved Vulnerabilities
Command Injection vulnerability in the run_kubectl_command() function
Vulnerability Description
The vulnerability occurs in the run_kubectl_command() function in the kubectl_mcp_tool/minimal_wrapper.py file.
The function generates a kubectl command based on user input and then executes it using Python's subprocess.run() function. The shell=True option is used here, so the command string passed in is interpreted through the shell. In a shell environment, metacharacters such as ;, &&, |, and $() are interpreted as command delimiters, and manipulating the input can result in additional unintended command execution.
For example, if a threat actor passes input as follows, additional system commands could be executed after the kubectl get pods command:
get pods; id >> /tmp/pwned
Manipulating input in this way could allow arbitrary OS command execution on the system where the MCP server is running.
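As an added illustration (not the project's own code), the following shows the shell=True string-building pattern the advisory describes beside a hardened wrapper that rejects shell metacharacters and passes an argv list with no shell; the function names and the metacharacter set are assumptions.

```python
import shlex
import subprocess
from typing import Callable, List

# Shell metacharacters that act as command delimiters when shell=True is used
# (assumed set, covering the ones the advisory names and a few related ones).
SHELL_METACHARACTERS = frozenset(";&|$`<>()\n")


def run_kubectl_command_vulnerable(user_input: str) -> subprocess.CompletedProcess:
    """Pattern described in the advisory: the user input is concatenated into a
    command string and handed to the shell, so `;`, `&&`, `|`, `$()` in the
    input are parsed as command separators rather than kubectl arguments."""
    command = f"kubectl {user_input}"
    return subprocess.run(command, shell=True, capture_output=True, text=True)


def build_kubectl_argv(user_input: str) -> List[str]:
    """Turn user-supplied kubectl arguments into an argv list.

    Input containing shell metacharacters is rejected outright; the rest is
    tokenised with shlex.split, which honours quoting but never runs a shell.
    """
    if any(ch in SHELL_METACHARACTERS for ch in user_input):
        raise ValueError("shell metacharacters are not allowed in kubectl arguments")
    args = shlex.split(user_input)
    if not args:
        raise ValueError("empty kubectl command")
    return ["kubectl", *args]


def run_kubectl_command(user_input: str,
                        runner: Callable[..., object] = subprocess.run) -> object:
    """Hardened form: argv list, shell=False, so the arguments go straight to
    the kubectl binary and nothing re-parses them. `runner` is injectable so
    the wrapper can be exercised without a real kubectl on the host."""
    argv = build_kubectl_argv(user_input)
    return runner(argv, shell=False, capture_output=True, text=True)
```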
Vulnerability Patches
This vulnerability has been fixed in kubectl-mcp-tool version 1.2.0 and later.
Users are advised to update to the latest version if using a vulnerable version.