CVE-2025-59834 · CRITICAL 9.8 · EPSS p81.2%

Description

ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the server is vulnerable to command injection in some of its MCP Server tool definitions and implementations. This issue has been patched via commit 041729c.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.32% probability of exploitation · percentile 81.2% · 2026-06-18T12:00:27Z
Published: 2025-09-25
Last modified: 2025-10-14

Underlying weaknesses · 2

CWE-77, CWE-78

References

  1. https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L355
  2. https://github.com/srmorete/adb-mcp/commit/041729c0b25432df3199ff71b3163a307cf4c28c
  3. https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-5277
CVE-2025-6514
CVE-2025-61492
CVE-2026-0073
CVE-2025-0593
CVE-2025-66401
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.