CVE-2025-54994: 
JavaScript vulnerability analysis and mitigation

CVE-2025-54994 affects the @akoskm/create-mcp-server-stdio package, an MCP server starter kit that uses StdioServerTransport. The vulnerability was discovered in versions prior to 0.0.13, where the MCP Server was susceptible to command injection attacks. The issue was specifically identified in the tool 'which-app-on-port' implementation, which used Node.js child process API 'exec' in an unsafe manner when handling untrusted user input (GitHub Advisory).

The vulnerability stems from the improper use of Node.js child process API 'exec' in the MCP Server's 'which-app-on-port' tool implementation. The vulnerable code concatenated untrusted user input directly into command strings, allowing for potential command injection attacks. The issue has been classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The vulnerability received a CVSS 4.0 Base Score of 9.3 CRITICAL with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (NVD).

The vulnerability allows for user-initiated and remote command injection on a running MCP Server. When exploited through techniques such as prompt injection, attackers can execute arbitrary commands on the host running the MCP Server by using special shell characters in the input. This could lead to unauthorized command execution and potential system compromise (GitHub Advisory).

The vulnerability has been patched in version 0.0.13 of @akoskm/create-mcp-server-stdio. The fix involves replacing the unsafe 'exec' API with 'execFile', which handles command arguments as array elements and prevents command injection. Users are strongly recommended to upgrade to version 0.0.13 or later. For cases where immediate upgrade is not possible, it's recommended to avoid using the 'which-app-on-port' tool with untrusted input (GitHub Advisory).