CVE-2022-25973

HIGH

mc-kill-port - Code Injection

Title source: llm

Description

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument.

References (2)

[Exploit, Third Party Advisory] https://security.snyk.io/vuln/SNYK-JS-MCKILLPORT-2419070

[Product, Third Party Advisory] https://www.npmjs.com/package/mc-kill-port

Scores

CVSS v3 7.8

EPSS 0.0029

EPSS Percentile 52.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88

Status published

Affected Products (2)

mc-kill-port_project/mc-kill-port

npm/mc-kill-port npm

Timeline

Published Aug 10, 2022

Tracked Since Feb 18, 2026