← voltar
CVE-2025-59834

Command Injection in adb-mcp MCP Server

CVSS 9.8 CRITICALEPSS 2.3%CWE-77CWE-78
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
srmorete · adb-mcp

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L355https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28chttps://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg