CVE-2025-59155

CVE-2025-59155 is a medium-severity vulnerability with a CVSS 4.0 base score of 6.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-918.

Key facts

Description

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy.

Frequently asked questions

What is CVE-2025-59155?
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy.
How severe is CVE-2025-59155?
CVE-2025-59155 has a CVSS 4.0 base score of 6.9, rated medium severity.
Is CVE-2025-59155 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (25th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-59155?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2025-59155 have an EU (EUVD) identifier?
Yes. CVE-2025-59155 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-29214.
When was CVE-2025-59155 published?
CVE-2025-59155 was published on 2025-09-15 and last updated on 2026-06-17.

References

Other CWE-918 (Server-Side Request Forgery (SSRF)) vulnerabilities

Browse all CWE-918 (Server-Side Request Forgery (SSRF)) vulnerabilities →