CVE-2025-5276 – MCP Markdownify Server SSRF

May 29, 2025

CVE ID : CVE-2025-5276

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleFOSS Weekly #25.22: Microsoft’s Vim Alternative, Kernel 6.15, UBXI Desktop, End of Ubuntu 20.04 and More

Next Article CVE-2025-5273 – Mcp-Markdownify-Server File Access Vulnerability

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-5276 – MCP Markdownify Server SSRF

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

LLMs Still Struggle to Cite Medical Sources Reliably: Stanford Researchers Introduce SourceCheckup to Audit Factual Support in AI-Generated Responses

CVE-2025-38231 – Linux Kernel NFSd NULL Pointer Dereference Vulnerability

CVE-2025-5908 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

How to Download Tubi TV App on your PC

Bethesda teases Oblivion Remastered, with a full announcement for the legendary Elder Scrolls title coming this week

If we want a passwordless future, let’s get our passkey story straight

Our favorite rugged portable SSD is over 40% off at Amazon ahead of Prime Day

CVE-2025-47676 – Faiyaz Alam User Login History Stored Cross-site Scripting

CVE-2025-5276 – MCP Markdownify Server SSRF

Related Posts