Home > Vulnerability Database > CVE-2025-59834

Mend.io Vulnerability Database

CVE-2025-59834

Date: September 25, 2025

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.

Severity Score

9.8

Related Resources (6)

Url: https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg

Url: https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c

Url: https://github.com/srmorete/adb-mcp

Url: https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L355

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59834

Url: https://www.mend.io/vulnerability-database/CVE-2025-59834

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59834

Date: September 25, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?