Description
By supplying a command-line argument that begins with a semicolon (;) to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, an attacker causes the resulting composed command to be executed directly with the MCP server's normal privilege, which is typically root. In the default configuration of the affected version (as of commit 2f3a5512, September 2025), the server makes no attempt to sanitize these arguments.
References (2)
Core References
- Various Sources (third-party-advisory, technical-description, exploit): https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000000111111111111111111111111000000000000000000000000000000000000000000000000000000011
- Issue Tracking (issue-tracking): https://github.com/0x4m4/hexstrike-ai/issues/115
Scores
CVSS v3: 9.1
EPSS: 0.0452
EPSS Percentile: 90.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1)
0x4m4/HexStrike AI, commit 33267047667b9accfbf0fdac1c1c7ff12f3a5512
Published: Nov 30, 2025
Tracked Since: Feb 18, 2026