A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/August829/YU1/issues/6 | Exploit Issue Tracking |
| https://vuldb.com/?ctiid.327043 | Permissions Required VDB Entry |
| https://vuldb.com/?id.327043 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.659734 | Third Party Advisory VDB Entry |
| https://github.com/August829/YU1/issues/6 | Exploit Issue Tracking |
Configurations
History
09 Oct 2025, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Mcphubx mcphub
Mcphubx |
|
| CPE | cpe:2.3:a:mcphubx:mcphub:*:*:*:*:*:*:*:* | |
| References | () https://github.com/August829/YU1/issues/6 - Exploit, Issue Tracking | |
| References | () https://vuldb.com/?ctiid.327043 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.327043 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.659734 - Third Party Advisory, VDB Entry |
07 Oct 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/August829/YU1/issues/6 - |
05 Oct 2025, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-05 06:15
Updated : 2025-10-09 17:16
NVD link : CVE-2025-11285
Mitre link : CVE-2025-11285
CVE.ORG link : CVE-2025-11285
JSON object : View
Products Affected
mcphubx
- mcphub