CVE-2025-5276 – MCP Markdownify Server SSRF

May 29, 2025

CVE ID : CVE-2025-5276

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleFOSS Weekly #25.22: Microsoft’s Vim Alternative, Kernel 6.15, UBXI Desktop, End of Ubuntu 20.04 and More

Next Article CVE-2025-5273 – Mcp-Markdownify-Server File Access Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows 11 version 25H2: Everything you need to know about Microsoft’s next OS release

Elden Ring Nightreign already has a duos Seamless Co-op mod from the creator of the beloved original, and it’ll be “expanded on in the future”

I love Elden Ring Nightreign’s weirdest boss — he bargains with you, heals you, and throws tantrums if you ruin his meditation

How to install SteamOS on ROG Ally and Legion Go Windows gaming handhelds

Oracle Fusion new Product Management Landing Page and AI (25B)

Oracle Fusion new Product Management Landing Page and AI (25B)

Filament Is Now Running Natively on Mobile

How Remix is shaking things up

Windows 11 version 25H2: Everything you need to know about Microsoft’s next OS release

Windows 11 version 25H2: Everything you need to know about Microsoft’s next OS release

Elden Ring Nightreign already has a duos Seamless Co-op mod from the creator of the beloved original, and it’ll be “expanded on in the future”

I love Elden Ring Nightreign’s weirdest boss — he bargains with you, heals you, and throws tantrums if you ruin his meditation

CVE-2025-5276 – MCP Markdownify Server SSRF

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Exploit details for max severity Cisco IOS XE flaw now public

CVE-2025-48475 – FreeScout Unrestricted Client Access Vulnerability

AI chatbots of the dead could â€œdigitally hauntâ€ us forever, warns new study

LlamaFS: An Open-Source Self-Organizing File system with Llama-3

Collaborating to advance research and innovation on essential chips for AI

Get Paid $48 EVERY 10 Minutes Using Deepseek and ChatGPT Operator: The 2025 Insane Money-Making Method (Step-by-Step Guide)

Black Hat 2024: CrowdStrike Outage Highlights Possible Chinese Cyberattack Threats

Marvel Rivals demonstrates clear success in a bleak gaming era

CVE-2025-46380 – Apache HTTP Server Unvalidated User Input

CVE-2025-5276 – MCP Markdownify Server SSRF

Related Posts