CVE-2025-54994 is a critical security vulnerability classified under CWE-78, which pertains to improper neutralization of special elements used in OS command execution, commonly known as OS Command Injection. This vulnerability affects versions of the Node.js-based package '@akoskm/create-mcp-server-stdio' prior to 0.0.13. The package serves as a starter kit for MCP (Modular Control Protocol) servers using the StdioServerTransport. The vulnerability arises from the exposure of a tool named 'which-app-on-port' that internally uses the Node.js child process API 'exec' to execute system commands. The 'exec' function is inherently unsafe when concatenated with untrusted user input, as it allows an attacker to inject arbitrary commands that the operating system will execute. This can lead to full system compromise, unauthorized data access, or disruption of services. The issue was addressed in version 0.0.13 by presumably sanitizing inputs or replacing unsafe command execution methods. The CVSS 4.0 base score of 9.3 reflects the critical nature of this flaw, with metrics indicating network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the ease of exploitation and severity make it a significant threat to any deployment using vulnerable versions of this package.

For European organizations, the impact of this vulnerability can be severe, especially for those relying on the '@akoskm/create-mcp-server-stdio' package in their MCP server implementations. Successful exploitation could allow attackers to execute arbitrary OS commands remotely without authentication, leading to potential data breaches, service outages, or lateral movement within networks. This is particularly concerning for industries with critical infrastructure or sensitive data, such as finance, healthcare, and manufacturing. The compromise of MCP servers could disrupt operational technology environments or control systems, which are increasingly integrated with IT networks in Europe. Additionally, organizations subject to strict data protection regulations like GDPR could face legal and financial repercussions if this vulnerability leads to unauthorized data disclosure or service disruption. The absence of known exploits in the wild suggests a window of opportunity for proactive patching before widespread attacks occur.

European organizations should immediately audit their use of the '@akoskm/create-mcp-server-stdio' package and identify any deployments running versions prior to 0.0.13. The primary mitigation is to upgrade to version 0.0.13 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, organizations should implement input validation and sanitization on any user inputs that interact with the 'which-app-on-port' tool or any similar command execution functionality. Restricting network access to MCP servers to trusted hosts and employing application-layer firewalls can reduce exposure. Additionally, monitoring and logging command execution attempts and anomalous activities on affected servers can help detect exploitation attempts. Organizations should also review their incident response plans to include scenarios involving OS command injection attacks and ensure timely patch management processes are in place to prevent exploitation.