CVE-2025-53372
JavaScript vulnerability analysis and mitigation

Overview

node-code-sandbox-mcp is a Node.js-based Model Context Protocol (MCP) server that spins up disposable Docker containers to execute arbitrary JavaScript on behalf of an LLM client. Versions prior to 1.3.0 are affected by a command injection vulnerability (CVE-2025-53372): tool input parameters are interpolated, unsanitized, into command strings passed to child_process.execSync, so an attacker who controls those parameters can inject arbitrary shell commands that run on the host rather than inside the container (GitHub Advisory, NVD).

Technical details

The vulnerability exists in the MCP server's tooling, where user-controlled input is concatenated directly into command strings executed via child_process.execSync. execSync hands the whole string to a shell (/bin/sh -c on POSIX systems, cmd.exe on Windows), so shell metacharacters in the input (;, |, >, &&, $(...) and so on) are interpreted by the host shell before the docker client ever runs. Any injected command therefore executes on the host, outside the Docker container that was supposed to confine the code. The vulnerability has been assigned a CVSS v3.1 score of 7.5 (High) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H: network accessible, high attack complexity, no privileges required, and user interaction needed, with high impact on confidentiality, integrity and availability (GitHub Advisory). In the MCP setting the "user interaction" is typically the client (or the model driving it) invoking the tool with attacker-influenced arguments, for example content pulled from an untrusted web page or document.

Impact

Successful exploitation leads to remote code execution with the privileges of the MCP server process on the host machine, bypassing the isolation that running the code inside Docker containers was meant to provide. An attacker can execute arbitrary commands on the host, potentially compromising the entire server and anything reachable from it, including the Docker socket and any credentials the server process can read (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in version 1.3.0 by replacing child_process.execSync with child_process.execFileSync, which takes the program and its arguments as separate values and passes them straight to the new process, so no shell parses the input and metacharacters lose their meaning. Users should upgrade to version 1.3.0 or later (GitHub Advisory). Two caveats apply to this class of fix in general: execFileSync (and spawn/execFile) only avoid the shell when the shell option is not set, so passing shell: true reintroduces the original problem; and an attacker-controlled value still reaches the docker CLI as an argument, where it may be parsed as an option if it begins with a dash. Input such as container names or image tags should therefore also be validated against a strict allowlist before being passed on.


Related JavaScript vulnerabilities:

CVE ID               | Severity | Score | Technologies | Component name     | CISA KEV exploit | Has fix | Published date
CVE-2026-23744       | CRITICAL | 9.8   | JavaScript   | @mcpjam/inspector  | No               | Yes     | Jan 16, 2026
CVE-2026-23735       | HIGH     | 8.7   | JavaScript   | graphql-modules    | No               | Yes     | Jan 16, 2026
GHSA-gw32-9rmw-qwww  | HIGH     | 8.4   | JavaScript   | svelte             | No               | Yes     | Jan 16, 2026
CVE-2026-23745       | HIGH     | 8.2   | JavaScript   | nodejs-full-i18n   | No               | Yes     | Jan 16, 2026
GHSA-38cw-85xc-xr9x  | MEDIUM   | 6.8   | JavaScript   | @veramo/data-store | No               | Yes     | Jan 16, 2026
