CVE-2025-59834: Command Injection in adb-mcp MCP Server
(updated )
User initiated and remote command injection on a running MCP Server.
References
- github.com/advisories/GHSA-54j7-grvr-9xwg
- github.com/srmorete/adb-mcp
- github.com/srmorete/adb-mcp/blob/master/src/index.ts
- github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c
- github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg
- nvd.nist.gov/vuln/detail/CVE-2025-59834
Code Behaviors & Features
Detect and mitigate CVE-2025-59834 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →