A vulnerability was found in win-cli-mcp-server and classified as critical. Impacted is the function
resolveCommandPath
. Such manipulation leads to command injection.
This vulnerability is uniquely identified as CVE-2025-11202. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.