CVE-2025-52573: iOS Simulator MCP Command Injection allowed via exec API
User-initiated and remote command injection on a running MCP server.
References
- github.com/advisories/GHSA-6f6r-m9pv-67jw
- github.com/joshuayoes/ios-simulator-mcp
- github.com/joshuayoes/ios-simulator-mcp/blob/main/src/index.ts
- github.com/joshuayoes/ios-simulator-mcp/commit/eb53a4f2cc8bbeb13e8d6d930f00167befcdb809
- github.com/joshuayoes/ios-simulator-mcp/releases/tag/v1.3.3
- github.com/joshuayoes/ios-simulator-mcp/security/advisories/GHSA-6f6r-m9pv-67jw
- nvd.nist.gov/vuln/detail/CVE-2025-52573