CVE-2025-53372: Command Injection Vulnerability in node-code-sandbox-mcp Allows RCE

node-code-sandbox-mcp, a Node.js-based Model Context Protocol (MCP) server, is susceptible to a command injection vulnerability. This flaw allows attackers to execute arbitrary system commands on the host machine, potentially bypassing the intended sandbox protection.

Vulnerability Details

  • CVE ID: CVE-2025-53372
  • Description: A command injection vulnerability exists in node-code-sandbox-mcp versions prior to 1.3.0. The vulnerability stems from the unsanitized use of input parameters within a call to child_process.execSync. An attacker can inject arbitrary system commands, leading to remote code execution with the server process's privileges. This bypasses the sandbox designed to isolate code execution within Docker containers.
  • CVSS Score and Vector:
    • CVSS 3.1 Score: 7.5 (High)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
    • Explanation: This score reflects the high impact of a successful exploit. While the attack complexity is high and requires user interaction, the potential for complete compromise of confidentiality, integrity, and availability is significant. An attacker needs to trick a user into triggering the vulnerable code path, but the impact is severe if successful.
  • Exploit Requirements: User interaction is required, as the attacker needs to entice a user to trigger the vulnerable code path.
  • Affected Vendor, Product, Version:
    • Vendor: alfonsograziano
    • Product: node-code-sandbox-mcp
    • Version: Versions prior to 1.3.0
  • CWE:
    • CWE ID: CWE-77
    • CWE Name: Command Injection
    • Explanation: Command injection occurs when an application incorporates untrusted data into a command that is then executed by the system. This allows attackers to execute arbitrary commands, potentially leading to system compromise.

Timeline of Events

  • 2025-07-08: Vulnerability disclosed and CVE assigned.
  • Prior to 2025-07-08: Vulnerability present in node-code-sandbox-mcp versions before 1.3.0.

Exploitability & Real-World Risk

While the attack complexity is rated as High due to the need for user interaction, the potential impact is severe. An attacker could leverage this vulnerability to gain complete control of the server, potentially accessing sensitive data, modifying system configurations, or using the compromised system as a launchpad for further attacks within the network. The fact that this vulnerability allows bypassing Docker's sandbox adds to the severity of the risk.

Recommendations

  • Update to Version 1.3.0 or later: The vulnerability is fixed in version 1.3.0. Ensure you upgrade your node-code-sandbox-mcp installation to this version or a later one.
  • Input Sanitization: Always sanitize and validate user inputs to prevent command injection vulnerabilities.
  • Principle of Least Privilege: Run the node-code-sandbox-mcp process with the minimum privileges necessary to perform its functions.

Technical Insight

The vulnerability arises from the use of child_process.execSync with unsanitized input. This function executes a command in a shell, making it susceptible to command injection if the input contains malicious shell metacharacters. By crafting a specific input, an attacker can inject arbitrary commands that will be executed by the system with the privileges of the Node.js process. The fix likely involves sanitizing the input to escape or remove any potentially harmful shell metacharacters before passing it to execSync.
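The difference between a shell-parsed command string and an argument vector, as an added example (not code from node-code-sandbox-mcp or from the advisory). The container-reference parameter, the `docker rm -f` argument list and all function names are assumptions for illustration; `echo` and the Node binary stand in for the real CLI so the comparison runs without Docker.

```javascript
// Added illustration; hypothetical handler code, not from node-code-sandbox-mcp.
const { execSync, execFileSync } = require('node:child_process');

// Constructed sample input containing a shell command separator.
const SAMPLE_INPUT = 'abc123; echo INJECTED';

// Assumption: the tool parameter names a Docker container (ID or name).
// Allowlist: alphanumeric first character, then [a-zA-Z0-9_.-], bounded length.
const CONTAINER_REF = /^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$/;

// BEFORE: the parameter is spliced into a string that the shell parses,
// so metacharacters in it are interpreted rather than passed through.
// `echo` stands in for the real command to keep the demo side-effect free.
function shellInterpolated(param) {
  return execSync(`echo ${param}`, { encoding: 'utf8' });
}

// No shell: execFileSync hands the child an argv array, so the same
// input reaches it as one literal argument. The child here is Node
// itself, writing back the last argument it received.
function passedAsArgv(param) {
  const script = 'process.stdout.write(process.argv[process.argv.length - 1])';
  return execFileSync(process.execPath, ['-e', script, '--', param], { encoding: 'utf8' });
}

// AFTER: validate against the allowlist, then build an argv array.
function safeDockerArgs(containerRef) {
  if (typeof containerRef !== 'string' || !CONTAINER_REF.test(containerRef)) {
    throw new TypeError('invalid container reference');
  }
  return ['rm', '-f', containerRef];
}

// Hardened call site (requires Docker on the host; not run by the demo).
function removeContainer(containerRef) {
  return execFileSync('docker', safeDockerArgs(containerRef), { encoding: 'utf8' });
}
```

Validation and shell-free execution are independent layers: the allowlist rejects malformed references early, and the argv form keeps any input that does get through from being parsed as shell syntax.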

Credit to Researcher(s)

This vulnerability was reported via GitHub Security Advisory.


Summary: A command injection vulnerability exists in node-code-sandbox-mcp versions prior to 1.3.0, allowing attackers to execute arbitrary system commands on the host machine, bypassing the Docker sandbox. Update to version 1.3.0 or later to mitigate the risk of remote code execution.

CVE ID: CVE-2025-53372

Risk Analysis: Successful exploitation could allow the attacker to execute arbitrary commands on the host machine, potentially leading to full system compromise, data theft, or denial of service.

Recommendation: Update node-code-sandbox-mcp to version 1.3.0 or later. Sanitize all user input before passing it to `child_process.execSync` or similar functions.

Timeline

  • 2025-07-08: CVE-2025-53372 published
