CVE-2025-59834
Last modified
CVE-2025-59834 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. EPSS estimates a 2.29% chance of exploitation in the next 30 days.
Description
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Srmorete | Adb Mcp Server | <= 0.1.0 |
References
- https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwgExploit, Vendor Advisory
- https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwgExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-59834?
How severe is CVE-2025-59834?
How do I fix CVE-2025-59834?
Are you affected by CVE-2025-59834?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST