A vulnerability was found in win-cli-mcp-server and classified as critical. Impacted is the function resolveCommandPath. Such manipulation leads to command injection.

This vulnerability is uniquely identified as CVE-2025-11202. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.