Platform: nodejs
Component: mcp-markdownify-server
Fixed in: 0.0.2
CVE-2025-5276 describes a Server-Side Request Forgery (SSRF) vulnerability in the mcp-markdownify-server package. The flaw lets an attacker induce the server to issue requests to arbitrary URLs, including ones that point at internal resources the attacker cannot reach directly. Versions up to and including 0.0.1 are affected; version 0.0.2 fixes the issue.
The vulnerable code path is the Markdownify.get() function, which fetches whatever URL it is handed. An attacker who can get a crafted prompt processed by the MCP host can cause the host to invoke the tool with a URL of the attacker's choosing, and the server then makes the HTTP request from its own network position. The response may reveal internal network details, or credentials and API keys reachable from the server's environment, and the attacker can read replies from internal services that are not exposed externally, bypassing the perimeter controls that would otherwise stop the request. The blast radius is every resource reachable over HTTP or HTTPS from the host running mcp-markdownify-server.
CVE-2025-5276 was publicly disclosed on 2025-05-29. There is no indication of this vulnerability being actively exploited at the time of writing. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.06% (18th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-5276 is to upgrade mcp-markdownify-server to 0.0.2 or later, the release that fixes the vulnerability. If upgrading is not immediately feasible, validate the URL before it reaches Markdownify.get(): allow only http and https, and reject any hostname that resolves to loopback, link-local or private address ranges (link-local addresses such as cloud metadata endpoints are the classic SSRF target). A Web Application Firewall with SSRF rules can inspect the inbound tool request, but it never sees the outbound fetch the server performs, so treat it as a supplement. The control that actually bounds the blast radius is host- or network-level egress filtering: restrict the server's outbound connections to the destinations it genuinely needs, and review those rules regularly.
Update the mcp-markdownify-server package to 0.0.2 or later; that release resolves the SSRF in Markdownify.get(). See the project's release notes for details of the change.
CVE-2025-5276 is a Server-Side Request Forgery (SSRF) vulnerability affecting mcp-markdownify-server versions up to and including 0.0.1. An attacker who can get a crafted prompt processed by the MCP host can make the server request arbitrary URLs, including internal ones.
You are affected if you are using mcp-markdownify-server version 0.0.1 or earlier. Upgrade to 0.0.2 or later to mitigate the risk.
Upgrade mcp-markdownify-server to 0.0.2 or later to resolve the SSRF vulnerability. If upgrading is not possible, validate URLs before they reach Markdownify.get(), restrict the server's outbound connections with egress filtering, and consider a WAF as a supplementary control.
There is currently no evidence of CVE-2025-5276 being actively exploited.
Refer to the relevant package repository or project website for the official advisory regarding CVE-2025-5276.