Vulnerability Description
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Srmorete | Adb Mcp Server | <= 0.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L355Product
- https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4cPatch
- https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwgExploitVendor Advisory
- https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwgExploitVendor Advisory
FAQ
What is CVE-2025-59834?
CVE-2025-59834 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command ...
How severe is CVE-2025-59834?
CVE-2025-59834 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-59834?
Check the references section above for vendor advisories and patch information. Affected products include: Srmorete Adb Mcp Server.