CVE-2025-52573: 
JavaScript vulnerability analysis and mitigation

iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. A command injection vulnerability was discovered in versions prior to 1.3.3, identified as CVE-2025-52573. The vulnerability was disclosed on June 26, 2025, and affects the MCP Server tool definition and implementation, particularly the ui_tap tool which relies on Node.js child process API exec (GitHub Advisory).

The vulnerability stems from the unsafe use of Node.js child process API exec when concatenating untrusted user input. The affected parameters include duration, udid, and x and y coordinates, which can be manipulated with shell meta-characters like ; or && to alter command execution. The vulnerability has been assigned a CVSS v3.1 score of 6.0 (Medium) with a vector string of CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H. The weakness is classified as CWE-78: Improper Neutralization of Special Elements used in an OS Command (GitHub Advisory).

When exploited, this vulnerability allows attackers to execute arbitrary commands on the host running the MCP Server. Through prompt injection and other attack vectors, malicious actors can inject special shell characters (e.g., ; rm -rf /tmp;#) to execute unauthorized commands. This affects the integrity and availability of the system, though confidentiality remains uncompromised according to the CVSS metrics (GitHub Advisory).

The vulnerability has been patched in version 1.3.3 with several security improvements. The fix includes replacing childprocess.exec with the more secure childprocess.execFile, implementing strict input validation using zod for all user-provided arguments, and adding proper argument handling with -- separator to prevent shell misinterpretation. Users are strongly advised to upgrade to version 1.3.3 or later (GitHub Release).