Command Injection Vulnerability in ADB MCP Server for Android Devices
CVE-2025-59834
9.8 CRITICAL
What is CVE-2025-59834?
The ADB MCP Server, a framework for interacting with Android devices via ADB, is vulnerable to command injection in versions up to and including 0.1.0. The flaw arises from improper handling of tool definitions and implementations within the MCP server, and an attacker could exploit it to execute arbitrary commands on the victim's system. The vulnerability was patched in commit 041729c. Users and developers should upgrade to the latest version to mitigate the risk.

Affected Version(s)
adb-mcp <= 0.1.0
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
