aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/5xxx/CVE-2025-5277.json",
"cna_assigner": "snyk",
"cwe_ids": [
"CWE-78"
]
}