CNNVD-202512-1796 Information

CNNVD ID

CNNVD-202512-1796

CVE-2025-65512

  • CNNVD Published: 2025-12-10

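Description (translated from Chinese)

Markdownify MCP Server is a Model Context Protocol server, developed by individual developer Zach Caceres (United States), for converting almost anything to Markdown. Markdownify MCP Server 0.0.2 and earlier versions contain a security vulnerability caused by server-side request forgery in the web page to Markdown feature, which may allow private IP restrictions to be bypassed.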

Description (English)

Markdownify MCP Server is a Model Context Protocol server, written by individual developer Zach Caceres in the United States, that converts almost any content to Markdown. Markdownify MCP Server 0.0.2 and earlier versions contain a security vulnerability that stems from server-side request forgery (SSRF) in the web page to Markdown function, which may lead to circumvention of private IP restrictions.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-12-10

Last Modified

2026-02-24

References

https://thorn-pheasant-6d8.notion.site/markdownify-mcp-Report-2a03daf7b44180908ff4eea0c2915763

https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-65512.md

https://access.redhat.com/security/cve/cve-2025-65512
