Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by yuna0x0
CVE-2025-59155 (GCVE-0-2025-59155)
Vulnerability from nvd – Published: 2025-09-15 16:56 – Updated: 2025-09-15 17:30
VLAI
Title
hackmd-mcp server-side request forgery in HTTP transport mode
Summary
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/yuna0x0/hackmd-mcp/security/ad… | x_refsource_CONFIRM |
| https://github.com/yuna0x0/hackmd-mcp/commit/4393… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yuna0x0 | hackmd-mcp |
Affected:
>= 1.4.0, < 1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T17:30:10.755995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T17:30:27.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hackmd-mcp",
"vendor": "yuna0x0",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hackmd-mcp is a Model Context Protocol server for integrating HackMD\u0027s note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T16:56:57.006Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yuna0x0/hackmd-mcp/security/advisories/GHSA-g5cg-6c7v-mmpw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yuna0x0/hackmd-mcp/security/advisories/GHSA-g5cg-6c7v-mmpw"
},
{
"name": "https://github.com/yuna0x0/hackmd-mcp/commit/43936c78a5bb3dedc74e8f080607a1125caa8c13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yuna0x0/hackmd-mcp/commit/43936c78a5bb3dedc74e8f080607a1125caa8c13"
}
],
"source": {
"advisory": "GHSA-g5cg-6c7v-mmpw",
"discovery": "UNKNOWN"
},
"title": "hackmd-mcp server-side request forgery in HTTP transport mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59155",
"datePublished": "2025-09-15T16:56:57.006Z",
"dateReserved": "2025-09-09T15:23:16.327Z",
"dateUpdated": "2025-09-15T17:30:27.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59155 (GCVE-0-2025-59155)
Vulnerability from cvelistv5 – Published: 2025-09-15 16:56 – Updated: 2025-09-15 17:30
VLAI
Title
hackmd-mcp server-side request forgery in HTTP transport mode
Summary
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/yuna0x0/hackmd-mcp/security/ad… | x_refsource_CONFIRM |
| https://github.com/yuna0x0/hackmd-mcp/commit/4393… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yuna0x0 | hackmd-mcp |
Affected:
>= 1.4.0, < 1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T17:30:10.755995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T17:30:27.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hackmd-mcp",
"vendor": "yuna0x0",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hackmd-mcp is a Model Context Protocol server for integrating HackMD\u0027s note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T16:56:57.006Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yuna0x0/hackmd-mcp/security/advisories/GHSA-g5cg-6c7v-mmpw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yuna0x0/hackmd-mcp/security/advisories/GHSA-g5cg-6c7v-mmpw"
},
{
"name": "https://github.com/yuna0x0/hackmd-mcp/commit/43936c78a5bb3dedc74e8f080607a1125caa8c13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yuna0x0/hackmd-mcp/commit/43936c78a5bb3dedc74e8f080607a1125caa8c13"
}
],
"source": {
"advisory": "GHSA-g5cg-6c7v-mmpw",
"discovery": "UNKNOWN"
},
"title": "hackmd-mcp server-side request forgery in HTTP transport mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59155",
"datePublished": "2025-09-15T16:56:57.006Z",
"dateReserved": "2025-09-09T15:23:16.327Z",
"dateUpdated": "2025-09-15T17:30:27.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}