CVE-2025-59834
BaseFortify
Publication date: 2025-09-25
Last updated on: 2025-10-14
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| srmorete | adb_mcp_server | up to and including 0.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59834 is a critical command injection vulnerability in the adb-mcp MCP Server, an npm package that exposes Android Debug Bridge (adb) commands via a Node.js server. The vulnerability occurs because the server uses the Node.js child process API function 'exec' to run shell commands constructed by concatenating user-supplied input without proper sanitization. Specifically, user inputs such as device ID and file paths are directly included in shell commands, allowing an attacker to inject arbitrary shell commands by including special shell characters. This leads to remote command execution on the host running the MCP Server without requiring any privileges or user interaction. [2]
How can this vulnerability impact me?
This vulnerability can have severe impacts including full compromise of the host running the MCP Server. An attacker can execute arbitrary commands remotely, leading to complete loss of confidentiality, integrity, and availability of the system. This means sensitive data can be exposed or altered, system functionality can be disrupted, and the overall security of the environment can be severely damaged. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or suspicious adb-mcp server activity, especially calls to the MCP Server's `inspect_ui` tool whose parameters contain shell metacharacters or unexpected values. Since the injection occurs through the user-supplied `device` and `outputPath` inputs, look for adb commands executed with suspicious concatenated strings. A practical approach is to audit logs for adb commands containing shell special characters such as `;`, `&&`, or backticks. Additionally, you can test the server by attempting to inject commands in these parameters and observing whether they execute. Specific commands to detect exploitation attempts might include searching logs with grep for suspicious patterns, for example `grep -E 'adb .*(;|&&|`)' /var/log/adb-mcp.log` (the alternation is grouped so that only adb command lines match, not every line containing `&&`), or monitoring running processes for unexpected commands spawned by adb-mcp. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of vulnerable versions (≤ 0.1.0) of adb-mcp MCP Server. Since the vulnerability arises from using Node.js `exec` with concatenated user input, you should update the code to use `execFile` with separate arguments so that no shell interprets the values. If you maintain the server, apply the patch from commit 041729c (https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c), which fixes the issue. Additionally, restrict network access to the MCP Server to trusted users only, and monitor for suspicious command execution. If patching or upgrading is not immediately possible, consider disabling or restricting the vulnerable `inspect_ui` tool to prevent exploitation. [1, 2]