CVE-2025-63603

Source
https://cve.org/CVERecord?id=CVE-2025-63603
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63603.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-63603
Published
2025-11-18T16:15:45.833Z
Modified
2026-03-13T03:40:50.528279Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

A command injection vulnerability exists in version 0.1.6 of the MCP Data Science Server (reading-plus-ai/mcp-server-data-exploration) in the safe_eval() function (src/mcp_server_ds/server.py:108). The function uses Python's exec() to execute user-supplied scripts but fails to restrict the __builtins__ entry of the globals dictionary passed to exec(). When __builtins__ is not explicitly defined in that dictionary, Python automatically inserts the full builtins module, giving the script access to every built-in function, including __import__, exec, eval, and open. This allows an attacker to execute arbitrary Python code with the full privileges of the server process, leading to complete system compromise. The vulnerability can be exploited by submitting a malicious script to the run_script tool, requiring no authentication or special privileges.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.6"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63603.json"