CVE-2025-52573: iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulator
Summary
iOS Simulator MCP Server (ios-simulator-mcp) versions before 1.3.3 have a command injection vulnerability (a security flaw where attacker-controlled input is inserted into a shell command that then gets executed). The vulnerability exists because the `ui_tap` tool passes its parameters to Node.js's `exec` function unsafely; `exec` runs its command string through a shell, so an attacker who tricks the LLM through prompt injection (feeding hidden instructions to an AI to make it behave differently) into passing shell metacharacters like `;` or `&&` in the tool's parameters can execute unintended commands on the machine running the server.
Solution / Mitigation
Update to version 1.3.3, which contains a patch for the issue.
Vulnerability Details
Severity: 6 (medium)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-52573
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%