What is CVE-2025-59155?

### Impact A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary `hackmdApiUrl` values through HTTP headers (`Hackmd-Api-Url`) or base64-encoded JSON query parameters. This allows malicious users to: - Redirect API calls to internal network services - Potentially access sensitive internal endpoints - Perform network reconnaissance through the server - Bypass network access controls The vulnerability affects the HTTP transport mode specifically - stdio mode is not impacted as it only accepts requests from stdio. ### Patches The vulnerability has been patched in version `1.5.0`. Users should: 1. Update to the latest version of the HackMD MCP server 2. Set the `ALLOWED_HACKMD_API_URLS` environment variable to restrict allowed HackMD API endpoints 3. If not set, the server will default to only allowing the official HackMD API URL (`https://api.hackmd.io/v1`) Example configuration: ``` ALLOWED_HACKMD_API_URLS=https://api.hackmd.io/v1,https://your-hackmd-instance.com/api/v1 ``` ### Workarounds Users can mitigate this vulnerability without upgrading by: 1. **Use stdio mode instead of HTTP mode**: Set `TRANSPORT=stdio` or remove the `TRANSPORT` environment variable to disable HTTP mode entirely 2. **Network-level restrictions**: Use firewall rules or network policies to restrict outbound connections from the server 3. **Reverse proxy filtering**: Place the MCP server behind a reverse proxy that validates and filters both the `Hackmd-Api-Url` header and the base64-encoded JSON `config` query parameter to prevent malicious `hackmdApiUrl` values ### References - [OWASP Server-Side Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html) - [HackMD MCP Server Documentation](https://github.com/yuna0x0/hackmd-mcp)

What is the severity of CVE-2025-59155?

CVE-2025-59155 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-59155?

No known public exploits are currently available for CVE-2025-59155.

Is there a patch available for CVE-2025-59155?

Yes, patches are available for CVE-2025-59155. Check the vendor advisories for update instructions.

CVE-2025-59155 - CVE Details, Severity, and Analysis

Impact

A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers (Hackmd-Api-Url) or base64-encoded JSON query parameters. This allows malicious users to:

Redirect API calls to internal network services
Potentially access sensitive internal endpoints
Perform network reconnaissance through the server
Bypass network access controls

The vulnerability affects the HTTP transport mode specifically - stdio mode is not impacted as it only accepts requests from stdio.

Patches

The vulnerability has been patched in version 1.5.0. Users should:

Update to the latest version of the HackMD MCP server
Set the ALLOWED_HACKMD_API_URLS environment variable to restrict allowed HackMD API endpoints
If not set, the server will default to only allowing the official HackMD API URL (https://api.hackmd.io/v1)

Example configuration:

ALLOWED_HACKMD_API_URLS=https://api.hackmd.io/v1,https://your-hackmd-instance.com/api/v1

Workarounds

Users can mitigate this vulnerability without upgrading by:

Use stdio mode instead of HTTP mode: Set TRANSPORT=stdio or remove the TRANSPORT environment variable to disable HTTP mode entirely
Network-level restrictions: Use firewall rules or network policies to restrict outbound connections from the server
Reverse proxy filtering: Place the MCP server behind a reverse proxy that validates and filters both the Hackmd-Api-Url header and the base64-encoded JSON config query parameter to prevent malicious hackmdApiUrl values

References