{"data":{"id":"bf5c0bd7-f6a3-4ec8-a063-565ae7ad200f","title":"CVE-2025-5277: aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the M","summary":"CVE-2025-5277 is a command injection vulnerability (a flaw where an attacker can trick a program into running unwanted commands) in aws-mcp-server, an MCP server (a software tool that helps AI systems interact with AWS cloud services). An attacker can craft a malicious prompt that, when accessed by an MCP client (a program that connects to the server), executes arbitrary commands on the host system, with a critical severity rating of 9.4.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-5277","publishedAt":"2025-05-28T14:15:35.827Z","cveId":"CVE-2025-5277","cweIds":["CWE-78","CWE-78"],"cvssScore":"9.6","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["aws-mcp-server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0015,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}