Platform: nodejs
Component: mcp-markdownify-server
Fixed version: 0.0.2
CVE-2025-5276 describes a Server-Side Request Forgery (SSRF) vulnerability found in the mcp-markdownify-server package. This flaw allows an attacker to induce the server to make requests to arbitrary URLs, potentially exposing sensitive internal resources or leaking data. The vulnerability affects versions of mcp-markdownify-server up to and including 0.0.1. A fix is available in all subsequent versions.
The SSRF vulnerability in mcp-markdownify-server allows an attacker to leverage the Markdownify.get() function to craft malicious prompts. These prompts, when processed by the MCP host, can trigger the server to make HTTP requests to attacker-controlled URLs. This can lead to the leakage of sensitive information, such as internal network details, API keys, or credentials stored within the server's environment. The attacker could potentially read responses from internal services that are not directly accessible from the outside, effectively bypassing security controls. The blast radius extends to any internal resources accessible via HTTP/HTTPS from the server running mcp-markdownify-server.
CVE-2025-5276 was publicly disclosed on 2025-05-29. There is no indication of this vulnerability being actively exploited at the time of writing. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog.
Applications and services utilizing the mcp-markdownify-server package, particularly those deployed in environments with sensitive internal resources accessible via HTTP/HTTPS, are at risk. This includes development environments, testing servers, and production deployments where the package is used for markdown processing.
• nodejs: Monitor process execution for suspicious outbound HTTP requests originating from the mcp-markdownify-server process. Use ps aux | grep mcp-markdownify-server to identify running processes. Note that netstat -an prints no process names, so to check the server's connections filter netstat -anp output by the PIDs that pgrep reports for it.
ps aux | grep mcp-markdownify-server
netstat -anp | grep -E "($(pgrep -d '|' -f mcp-markdownify-server))/"
• generic web: Check access logs for requests to unusual or unexpected URLs originating from the server hosting mcp-markdownify-server. Look for patterns indicative of SSRF attempts.
grep 'markdownify-server' /var/log/apache2/access.log
Exploitation status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-5276 is to upgrade to a version of mcp-markdownify-server that addresses the vulnerability. Since a specific fixed version is not provided, upgrading to the latest available version (*) is recommended. If upgrading is not immediately feasible, consider implementing input validation on the Markdownify.get() function to restrict the URLs that can be accessed. Additionally, employing a Web Application Firewall (WAF) with SSRF protection rules can help block malicious requests. Regularly review and update the server's firewall rules to restrict outbound connections to only necessary destinations.
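The input-validation mitigation above, and the log review suggested in the detection section, both come down to deciding whether a URL points somewhere a markdown fetcher should be allowed to reach. The following is an added example written for this page, not code from mcp-markdownify-server or its fix: a validator that rejects non-HTTP schemes, URLs carrying credentials, loopback, private, link-local and similar internal address ranges, and optionally anything outside a host allowlist; a wrapper that applies it before fetching; and the same check run over a few constructed request-log lines to flag SSRF attempts. The function names, the `url=` log format and the sample lines are assumptions for illustration.

```javascript
// Added example, not code from mcp-markdownify-server: an outbound URL check
// of the kind the mitigation suggests wrapping around Markdownify.get(), plus
// the same check applied to constructed request-log lines for detection.
// Function names and the log format are assumptions for illustration.

// IPv4 ranges a markdown fetcher has no business reaching.
const BLOCKED_V4 = [
  ['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16], // RFC 1918
  ['127.0.0.0', 8],    // loopback
  ['169.254.0.0', 16], // link-local, including cloud metadata endpoints
  ['100.64.0.0', 10],  // carrier-grade NAT
  ['0.0.0.0', 8],      // "this" network
];

function ipv4ToInt(ip) {
  return ip.split('.').reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function inCidr(ip, [base, bits]) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return (ipv4ToInt(ip) & mask) === (ipv4ToInt(base) & mask);
}

// WHATWG URL parsing already normalises forms such as "127.1", "0x7f000001"
// and "2130706433" to dotted-quad notation, so a dotted-quad test suffices.
function isBlockedHost(hostname) {
  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase(); // strip IPv6 brackets
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return BLOCKED_V4.some((range) => inCidr(host, range));
  }
  if (host.includes(':')) { // IPv6 literal
    return host === '::1' || host === '::' || host.startsWith('::ffff:') || // loopback, unspecified, v4-mapped
      /^f[cd]/.test(host) || host.startsWith('fe80');                        // unique-local, link-local
  }
  // Names: refuse localhost, common internal suffixes and single-label intranet names.
  return host === 'localhost' || host.endsWith('.localhost') ||
    host.endsWith('.internal') || host.endsWith('.local') || !host.includes('.');
}

// Returns { ok: true, url } or { ok: false, reason }. Pass allowedHosts to
// restrict fetches to an explicit allowlist on top of the range checks.
function validateOutboundUrl(raw, allowedHosts = null) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  if (allowedHosts && !allowedHosts.includes(url.hostname)) {
    return { ok: false, reason: 'host not on allowlist' };
  }
  if (isBlockedHost(url.hostname)) return { ok: false, reason: 'internal address range' };
  return { ok: true, url: url.toString() };
}

// Fetch wrapper: validates first, and refuses to follow redirects so that a
// permitted public host cannot bounce the request to an internal address.
async function safeGet(raw, fetchImpl = globalThis.fetch) {
  const verdict = validateOutboundUrl(raw);
  if (!verdict.ok) throw new Error(`refused outbound request: ${verdict.reason}`);
  const res = await fetchImpl(verdict.url, { redirect: 'manual' });
  if (res.status >= 300 && res.status < 400) throw new Error('redirect refused');
  return res;
}

// Detection side: the same verdict applied to request-log lines that record
// the fetched URL as "url=<value>". Returns the offending lines with reasons.
function flagSuspiciousLogLines(lines) {
  const flagged = [];
  for (const line of lines) {
    const match = /\burl=(\S+)/.exec(line);
    if (!match) continue;
    const verdict = validateOutboundUrl(match[1]);
    if (!verdict.ok) flagged.push({ line, reason: verdict.reason });
  }
  return flagged;
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '2025-05-29T10:00:01Z markdownify get url=https://example.com/docs/readme.md',
  '2025-05-29T10:00:07Z markdownify get url=http://169.254.169.254/latest/',
  '2025-05-29T10:00:09Z markdownify get url=http://localhost:3000/admin',
  '2025-05-29T10:00:12Z markdownify get url=file:///tmp/notes.md',
];

console.log(validateOutboundUrl('http://127.1/'));   // rejected: internal address range
console.log(flagSuspiciousLogLines(SAMPLE_LOG));     // three of the four lines flagged
```

Two caveats worth keeping in mind: a check on the literal hostname says nothing about what a public name resolves to (DNS rebinding, or a name deliberately pointed at an internal address), so a production wrapper should resolve the name and check the resulting address as well; and the `redirect: 'manual'` setting matters because a redirect is otherwise a second, unvalidated request.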
Update the mcp-markdownify-server package to the latest available version. This fixes the SSRF vulnerability in the Markdownify.get() function. See the release notes for further details on the update.
CVE-2025-5276 is a Server-Side Request Forgery (SSRF) vulnerability affecting mcp-markdownify-server versions up to 0.0.1, allowing attackers to make requests to arbitrary URLs.
You are affected if you are using mcp-markdownify-server version 0.0.1 or earlier. Upgrade to the latest version to mitigate the risk.
Upgrade to the latest version of mcp-markdownify-server (*) to resolve the SSRF vulnerability. If upgrading is not possible, implement input validation and consider using a WAF.
There is currently no evidence of CVE-2025-5276 being actively exploited.
Refer to the relevant package repository or project website for the official advisory regarding CVE-2025-5276.