CVE-2025-59834

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-59834

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59834.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-59834

Aliases

GHSA-54j7-grvr-9xwg

Published

2025-09-25T13:41:15.676Z

Modified

2026-04-02T12:56:59.966500Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Command Injection in adb-mcp MCP Server

Details

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-77",
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59834.json"
}

References

Affected packages

Git / github.com/srmorete/adb-mcp

Affected ranges

Type: GIT
Repo: https://github.com/srmorete/adb-mcp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

041729c0b25432df3199ff71b3163a307cf4c28c

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "ADB."
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59834.json"