CVE-2025-59834
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-25

Last updated on: 2025-10-14

Assigner: GitHub, Inc.

Description
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-25
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-09-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59834
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
srmorete adb_mcp_server to 0.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-59834 is a critical command injection vulnerability in the adb-mcp MCP Server, an npm package that exposes Android Debug Bridge (adb) commands via a Node.js server. The vulnerability occurs because the server uses the Node.js child process API function 'exec' to run shell commands constructed by concatenating user-supplied input without proper sanitization. Specifically, user inputs such as device ID and file paths are directly included in shell commands, allowing an attacker to inject arbitrary shell commands by including special shell characters. This leads to remote command execution on the host running the MCP Server without requiring any privileges or user interaction. [2]

Impact Analysis

This vulnerability can have severe impacts including full compromise of the host running the MCP Server. An attacker can execute arbitrary commands remotely, leading to complete loss of confidentiality, integrity, and availability of the system. This means sensitive data can be exposed or altered, system functionality can be disrupted, and the overall security of the environment can be severely damaged. [2]

Detection Guidance

This vulnerability can be detected by monitoring for unusual or suspicious adb-mcp server activity, especially commands that include shell metacharacters or unexpected parameters in the MCP Server's `inspect_ui` tool. Since the vulnerability involves command injection via user-supplied inputs `device` and `outputPath`, you can look for adb commands executed with suspicious concatenated strings. A practical approach is to audit logs for adb commands containing shell special characters like `;`, `&&`, or backticks. Additionally, you can test the server by attempting to inject commands in these parameters and observing if they execute. Specific commands to detect exploitation attempts might include searching logs with grep for suspicious patterns, for example: `grep -E 'adb .*;|&&|`' /var/log/adb-mcp.log` or monitoring running processes for unexpected commands spawned by adb-mcp. [2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of vulnerable versions (≀ 0.1.0) of adb-mcp MCP Server. Since the vulnerability arises from using Node.js `exec` with concatenated user input, you should update the code to use `execFile` with separate arguments to prevent shell interpretation. If you maintain the server, apply the patch from commit 041729c (https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c) which fixes the issue. Additionally, restrict network access to the MCP Server to trusted users only, and monitor for suspicious command execution. If patching or upgrading is not immediately possible, consider disabling or restricting the vulnerable `inspect_ui` tool to prevent exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart