Vulnerability Details CVE-2025-65512
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to internal network services.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.0%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-65512
-
cpe:2.3:a:zcaceres:markdownify_mcp_server:*