Zurück zur CVE-Übersicht
CVE-2025-5273
MEDIUM(6.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Risk Signal Score16/100 — NIEDRIG
- CVSS 6.5 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.5
Technische Schwere
Beschreibung
Versions of the package mcp-markdownify-server before 1.0.0 are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.
Referenzen
- https://github.com/zcaceres/markdownify-mcp/blob/3667bd4765c0e49684ce22df268d02d...
- https://github.com/zcaceres/markdownify-mcp/commit/3a6b202d088ef7acb8be84bc09515...
- https://security.snyk.io/vuln/SNYK-JS-MCPMARKDOWNIFYSERVER-10249193
- https://security.snyk.io/vuln/SNYK-JS-MCPMARKDOWNIFYSERVER-10249193