
CVE-2025-9654: Command Injection in AiondaDotCom mcp-ssh

Severity: Medium
Published: Fri Aug 29 2025 (08/29/2025, 15:02:08 UTC)
Source: CVE Database V5
Vendor/Project: AiondaDotCom
Product: mcp-ssh

Description

A security flaw has been discovered in AiondaDotCom mcp-ssh up to version 1.0.3. The affected code is unspecified functionality in the file server-simple.mjs; manipulating its input results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 or 1.1.0 resolves this issue. The patch is commit cd2566a948b696501abfa6c6b03462cac5fb43d8. It is advisable to upgrade the affected component.

AI-Powered Analysis

Last updated: 08/29/2025, 15:32:54 UTC

Technical Analysis

CVE-2025-9654 is a command injection vulnerability in the AiondaDotCom mcp-ssh product, affecting versions 1.0.0 through 1.0.3. The flaw resides in unspecified functionality within the file server-simple.mjs. Command injection lets an attacker execute arbitrary commands on the underlying operating system by supplying input that reaches a shell without proper sanitization or validation. In this case the attack can be initiated remotely and requires no user interaction, which significantly increases the risk profile. The vulnerability has a CVSS 4.0 base score of 5.3, categorized as medium severity. The vector metrics indicate a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on the confidentiality, integrity, and availability of the vulnerable system (VC:L, VI:L, VA:L), with no impact on subsequent systems (SC:N, SI:N, SA:N). The vendor has released fixes in versions 1.0.4 and 1.1.0; the patch is commit cd2566a948b696501abfa6c6b03462cac5fb43d8. No exploits are currently reported in the wild. Given the nature of the vulnerability, an attacker could execute arbitrary system commands remotely, leading to unauthorized access, data leakage, or disruption of services, depending on the privileges of the mcp-ssh process and the environment in which it runs.
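The advisory does not publish the affected code, so the following is an added illustration, not code from the mcp-ssh project or its patch: a hypothetical MCP-style "run a command over SSH" handler written first in the shape that produces this bug class (caller-controlled fields interpolated into a shell line) and then in a hardened shape (strict host allowlist, argv array for `child_process.execFile`/`spawn`, no shell). Function names, request fields, and the sample requests are assumptions constructed for the example.

```javascript
// Added illustration (not mcp-ssh project code): the same SSH tool
// handler built two ways. All names and sample data are constructed.

// Vulnerable shape: host and command are spliced into one shell line that
// would be handed to child_process.exec. A host value such as
// "build01.internal; id" terminates the ssh invocation and runs "id"
// locally on the MCP server, which is exactly a command injection.
function buildSshShellLineUnsafe(req) {
  return `ssh ${req.host} ${req.command}`;
}

// Allowlist for hostnames and IPv4 literals: alphanumerics, dots and
// hyphens, never starting with "-" (so it cannot be parsed as an option).
// Input that does not match is rejected outright rather than "cleaned".
const HOST_RE = /^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$/;

function isValidHost(host) {
  return typeof host === 'string' && HOST_RE.test(host);
}

// Hardened shape: returns an argv array for child_process.execFile or
// spawn (both run the program directly, no shell). The remote command is a
// single argv element, so metacharacters cannot alter which local program
// runs or what the local shell sees. What the remote shell may execute is a
// separate authorization question that this function does not decide.
function buildSshArgvSafe(req) {
  if (!isValidHost(req.host)) {
    throw new Error(`rejected host: ${JSON.stringify(req.host)}`);
  }
  if (typeof req.command !== 'string' || req.command.length === 0) {
    throw new Error('command must be a non-empty string');
  }
  return ['ssh', '-o', 'BatchMode=yes', req.host, req.command];
}

// Constructed sample requests, as an MCP client might send them.
const benignRequest = { host: 'build01.internal', command: 'uptime' };
const hostileRequest = { host: 'build01.internal; id', command: 'uptime' };

// Side by side: the unsafe builder emits "ssh build01.internal; id uptime",
// while the safe builder refuses the request before anything is spawned.
console.log('unsafe:', buildSshShellLineUnsafe(hostileRequest));
try {
  buildSshArgvSafe(hostileRequest);
} catch (err) {
  console.log('safe:', err.message);
}
console.log('safe argv:', buildSshArgvSafe(benignRequest));
```

The argv array is meant for `execFile('ssh', argv.slice(1), ...)`; the ssh binary itself then parses `req.host` as a hostname, not as shell text.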

Potential Impact

For European organizations using AiondaDotCom mcp-ssh versions 1.0.0 to 1.0.3, this vulnerability poses a tangible risk of remote command execution, which could compromise system confidentiality, integrity, and availability. Organizations in sectors with critical infrastructure, such as finance, healthcare, and government, could face significant operational disruptions or data breaches if exploited. The medium severity rating reflects that while the impact on confidentiality, integrity, and availability is low to moderate, the ease of exploitation without authentication and user interaction increases the threat level. Attackers could leverage this vulnerability to pivot within networks, escalate privileges, or deploy malware. The lack of known exploits in the wild currently reduces immediate risk, but the availability of patches and public disclosure means attackers may develop exploits in the near future. European organizations with internet-facing deployments of mcp-ssh or those using it in internal network segments should consider this a priority for patching to prevent potential exploitation.

Mitigation Recommendations

1. Immediately upgrade AiondaDotCom mcp-ssh to version 1.0.4 or later (including 1.1.0) to apply the official patch for the command injection vulnerability.
2. Inventory all instances of mcp-ssh within the organization, including development, testing, and production environments, to ensure no affected versions remain in use.
3. Implement network segmentation and firewall rules to restrict access to mcp-ssh services, limiting exposure to trusted IP addresses and reducing the attack surface.
4. Enable and monitor detailed logging on mcp-ssh servers to detect suspicious command execution attempts or anomalous activity indicative of exploitation.
5. Employ intrusion detection and prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts targeting this vulnerability.
6. Review and enforce the principle of least privilege for the mcp-ssh service account to minimize the impact of a successful command injection.
7. Conduct regular vulnerability scanning and penetration testing to verify the effectiveness of applied patches and security controls.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-29T06:59:21.459Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68b1c49dad5a09ad00790092

Added to database: 8/29/2025, 3:17:49 PM

Last enriched: 8/29/2025, 3:32:54 PM

Last updated: 8/29/2025, 4:16:20 PM
