CVE-2025-5273
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
A vulnerability in the mcp-markdownify-server package before version 1.0.0 allows unauthorized access to files and directories on the server via the get-markdown-file tool. An attacker can craft a malicious prompt that, when processed by the MCP host, enables reading arbitrary files from the system.
Risk Assessment
The risk involves potential leakage of sensitive data such as configuration files, credentials, or other confidential information stored on the server, which could lead to security breaches for the organization.
Recommendation
Immediately update the mcp-markdownify-server package to version 1.0.0 or later, which fixes this vulnerability. Additionally, restrict access to the get-markdown-file tool to trusted MCP hosts only.
Original NVD description (English source)
Versions of the package mcp-markdownify-server before 1.0.0 are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.

