CVE-2025-5276 – MCP Markdownify Server SSRF

May 29, 2025

CVE ID : CVE-2025-5276

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleFOSS Weekly #25.22: Microsoft’s Vim Alternative, Kernel 6.15, UBXI Desktop, End of Ubuntu 20.04 and More

Next Article CVE-2025-5273 – Mcp-Markdownify-Server File Access Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Does Elden Ring Nightreign have crossplay or cross-platform play?

Cyberpunk 2077 sequel enters pre-production as Phantom Liberty crosses 10 million copies sold

EA has canceled yet another game, shuttered its developer, and started more layoffs

The Witcher 3: Wild Hunt reaches 60 million copies sold as work continues on The Witcher 4

How Remix is shaking things up

How Remix is shaking things up

Perficient at Kscope25: Let’s Meet in Texas!

Salesforce + Informatica: What It Means for Data Cloud and Our Customers

Does Elden Ring Nightreign have crossplay or cross-platform play?

Does Elden Ring Nightreign have crossplay or cross-platform play?

Cyberpunk 2077 sequel enters pre-production as Phantom Liberty crosses 10 million copies sold

EA has canceled yet another game, shuttered its developer, and started more layoffs

CVE-2025-5276 – MCP Markdownify Server SSRF

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks

How to Refactor Complex Codebases – A Practical Guide for Devs

Best Free and Open Source Alternatives to Cisco Packet Tracer

Top Figma CSS Export Plugins

zpaqfranz – deduplicating archiver with encryption and paranoid-level tests

CSS Chronicles XLII

CVE-2025-4844 – FreeFloat FTP Server CD Command Handler Buffer Overflow Vulnerability

Microsoft renders Mail & Calendar apps inoperable as it forces users over to the new Outlook on Windows

Alleged Hosocongty Data Breach Exposes Vietnamese Job Seekers

CVE-2025-5276 – MCP Markdownify Server SSRF

Related Posts