MCP Watch has a Critical Command Injection in cloneRepo allows...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.

AI Analysis

Command Injection vulnerability in the cloneRepo method of MCP Watch, allowing Remote Code Execution (RCE) via malicious URL

Basic Information

ID CVE-2025-66401

Source GitHub_M

Published Dec 1, 2025 at 22:43

Affected Product

Vendor kapilduraphe

Product mcp-watch

Version <= 0.1.2

Affected Versions kapilduraphe mcp-watch <= 0.1.2

CWE Classification

CWE-78

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor kapilduraphe

Product mcp-watch

Version 0.1.2 and earlier

References

{
    "lastseen": "",
    "description": "MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.",
    "published": "2025-12-01T22:43:26.639Z",
    "modified": "2025-12-01T22:43:26.639Z",
    "type": "cve",
    "title": "MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL",
    "source": "GitHub_M",
    "references": "https://github.com/kapilduraphe/mcp-watch/security/advisories/GHSA-27m7-ffhq-jqrm\nhttps://github.com/kapilduraphe/mcp-watch/commit/e7da78c5b4b960f8b66c254059ad9ebc544a91a6",
    "id": "CVE-2025-66401",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "kapilduraphe mcp-watch <= 0.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mcp-watch",
    "version": "<= 0.1.2",
    "vendor": "kapilduraphe",
    "ai_description": "Command Injection vulnerability in the cloneRepo method of MCP Watch, allowing Remote Code Execution (RCE) via malicious URL",
    "ai_severity": "Critical",
    "ai_vendor": "kapilduraphe",
    "ai_product": "mcp-watch",
    "ai_version": "0.1.2 and earlier",
    "ai_score": 9.8
}

MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL_CVE-2025-66401