npm›ios-simulator-mcp›CVE-2025-525736 MEDIUMiOS Simulator MCP Command Injection allowed via exec APIUser initiated and remote command injection on a running MCP Server.