Vulnerability Details CVE-2025-59834
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L355
- https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c
- https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg
- https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg
Products affected by CVE-2025-59834
-
cpe:2.3:a:srmorete:adb_mcp_server:*