CVE-2025-59834
Published: 25 September 2025
Summary
CVE-2025-59834 is a critical-severity Command Injection (CWE-77) vulnerability in Srmorete Adb Mcp Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 20.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of information inputs, directly preventing command injection by sanitizing or rejecting malicious payloads in the ADB MCP Server's tool definitions and implementations.
SI-2 mandates timely identification, reporting, and patching of system flaws, directly addressing this command injection vulnerability as demonstrated by the patching commit 041729c.
AC-6 enforces least privilege for processes, limiting the impact of arbitrary command execution achieved through exploitation of the command injection flaw.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability in MCP Server tool definition and implementation enables arbitrary command execution, directly facilitating T1059: Command and Scripting Interpreter.
NVD Description
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part…
more
of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
Deeper analysisAI
CVE-2025-59834 is a command injection vulnerability (CWE-77, CWE-78) in the ADB MCP Server, an MCP (Model Context Protocol) server for interacting with Android devices through ADB. The flaw affects versions 0.1.0 and prior, stemming from insecure tool definitions and implementations within the server that enable injection of malicious commands.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability, including arbitrary command execution on the host system running the server.
The vulnerability has been patched via GitHub commit 041729c0b25432df3199ff71b3163a307cf4c28c. Additional details, including mitigation guidance, are available in the GitHub Security Advisory GHSA-54j7-grvr-9xwg, and the vulnerable code can be reviewed in src/index.ts lines 334-355. Security practitioners should update to the patched version immediately.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The CVE affects ADB MCP Server, an implementation of the Model Context Protocol (MCP) for AI agent interactions with Android devices via ADB, fitting AI Agent Protocols and Integrations due to its protocol-specific role in AI ecosystems.