CVE-2025-59155
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-16
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hackmd | hackmd_mcp | 1.4.0 |
| hackmd | hackmd_mcp | 1.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59155 is a Server-Side Request Forgery (SSRF) vulnerability in the hackmd-mcp server versions 1.4.0 to before 1.5.0 when running in HTTP transport mode. The server accepts arbitrary hackmdApiUrl values from the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter without proper validation. This allows attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The vulnerability does not affect the stdio transport mode. It was fixed in version 1.5.0 by enforcing allowed endpoints via an allowlist and supporting an environment variable to restrict permissible API URLs. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to manipulate the hackmd-mcp server to send requests to internal network services that are normally inaccessible, potentially exposing sensitive internal endpoints and data. Attackers can perform network reconnaissance and bypass network access controls, which could lead to unauthorized access or information disclosure within your internal network. The impact includes low confidentiality and integrity impacts but no availability impact, with no privileges or user interaction required to exploit. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this SSRF vulnerability on your system, monitor HTTP requests to the HackMD MCP server for suspicious or unexpected values in the `Hackmd-Api-Url` HTTP header or in base64-encoded JSON query parameters that specify arbitrary or internal URLs. To inspect logs or capture traffic, tools such as `tcpdump` or `tshark` can filter HTTP requests to the MCP server, for example: `tcpdump -l -i any -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i Hackmd-Api-Url` to capture and inspect HTTP headers (the BPF expression keeps only TCP segments that carry payload, `-l` line-buffers the output so `grep` sees matches immediately, and port 80 should be replaced with the port the MCP server actually listens on). This only works for plaintext HTTP; if the server is behind TLS, inspect at the terminating proxy or in application logs instead. A grep for the header name also will not catch the base64-encoded query-parameter variant, so that parameter needs to be decoded and inspected separately. Additionally, reviewing server logs for unusual API URL values or unexpected outbound connections can help detect exploitation attempts. Since the vulnerability involves manipulation of the `Hackmd-Api-Url` header or query parameters, filtering or searching for these in logs is key. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Upgrade the hackmd-mcp server to version 1.5.0 or later, which includes a fix enforcing an allowlist of permitted HackMD API URLs via the `ALLOWED_HACKMD_API_URLS` environment variable. 2) If upgrading is not immediately possible, switch the server to use stdio transport mode by setting the environment variable `TRANSPORT=stdio` or removing the `TRANSPORT` variable to disable HTTP mode, as stdio mode is not vulnerable. 3) Restrict outbound network access from the server using firewall rules or network policies to prevent unauthorized connections to internal services. 4) Deploy a reverse proxy in front of the server to validate and filter the `Hackmd-Api-Url` HTTP header and base64-encoded JSON query parameters, blocking malicious or unexpected values. These steps help prevent exploitation by limiting or validating the API URLs the server can access. [1, 2]
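As an added example (not hackmd-mcp's own code), the allowlist check that the 1.5.0 fix and step 4 describe, applied to both input paths: the `Hackmd-Api-Url` header and a base64-encoded JSON query parameter. The query parameter name `config`, the comma-separated format of `ALLOWED_HACKMD_API_URLS`, and lowercased header keys (as Node's http module provides) are assumptions.

```javascript
// Added example, not hackmd-mcp's own code. Assumed: query parameter "config"
// carries base64 JSON with key "hackmdApiUrl"; ALLOWED_HACKMD_API_URLS is a
// comma-separated list; header keys are lowercased as Node's http module does.

// Canonical form used for allowlist comparison: https only, no credentials,
// default port dropped, host lowercased by URL(), trailing slashes removed.
function normalizeApiUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return null; }
  if (u.protocol !== "https:") return null;      // rejects http:, file:, gopher:
  if (u.username || u.password) return null;     // "user:pw@host" confusion
  return u.origin + u.pathname.replace(/\/+$/, "");
}

// Build the allowlist from the environment variable's value.
function parseAllowlist(envValue) {
  const allowed = new Set();
  for (const item of (envValue || "").split(",")) {
    const n = normalizeApiUrl(item.trim());
    if (n) allowed.add(n);
  }
  return allowed;
}

// Extract the URL a request asks for: header first, then base64 JSON param.
// Returns undefined when neither is present or the param is malformed.
function requestedApiUrl(headers, query) {
  if (headers["hackmd-api-url"]) return headers["hackmd-api-url"];
  if (!query.config) return undefined;
  try {
    const cfg = JSON.parse(Buffer.from(query.config, "base64").toString("utf8"));
    return typeof cfg.hackmdApiUrl === "string" ? cfg.hackmdApiUrl : undefined;
  } catch { return undefined; }
}

// Decide which upstream URL may be used. An absent request value falls back to
// the first allowlisted URL; anything else must match the allowlist exactly.
function resolveApiUrl(headers, query, allowed) {
  if (allowed.size === 0) return { ok: false, reason: "allowlist is empty" };
  const requested = requestedApiUrl(headers, query);
  if (requested === undefined) return { ok: true, url: [...allowed][0] };
  const n = normalizeApiUrl(requested);
  if (n === null) return { ok: false, reason: "unparseable, non-https or credentialed URL" };
  if (!allowed.has(n)) return { ok: false, reason: "not on ALLOWED_HACKMD_API_URLS" };
  return { ok: true, url: n };
}
```

Wire `resolveApiUrl(req.headers, parsedQuery, parseAllowlist(process.env.ALLOWED_HACKMD_API_URLS))` into the request handler and refuse the request (HTTP 400) whenever `ok` is false, so the upstream client is never constructed from an unvalidated URL.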