CVE-2025-65512

7.5 HIGH

📋 TL;DR

A Server-Side Request Forgery (SSRF) vulnerability in markdownify-mcp allows attackers to bypass private IP restrictions using hostname-based bypass techniques and HTTP redirect chains. This enables unauthorized access to internal network services that should be protected. Users of markdownify-mcp version 0.0.2 and earlier are affected.

💻 Affected Systems

Products:
  • markdownify-mcp
Versions: v0.0.2 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using the webpage-to-markdown conversion feature is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive internal services, exfiltrate data, or pivot to other internal systems, potentially leading to full network compromise.

🟠 Likely Case

Unauthorized access to internal HTTP services, information disclosure from internal APIs, or scanning of internal network resources.

🟢 If Mitigated

Limited to accessing only publicly accessible services or blocked by additional network segmentation controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and this specific bypass technique is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Network-level SSRF protection (platform: all)

Implement network egress filtering to restrict outbound connections from the application server.

Application-level URL validation (platform: all)

Implement strict URL validation that resolves hostnames and validates IP addresses before making requests.
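
One way to implement the application-level validation above, as an added example (not markdownify-mcp's own code): every hop of a redirect chain is parsed, resolved and checked against blocked ranges before it is requested. The range table, the function names and the injected `resolve`/`request` callbacks are assumptions, and the sample DNS and redirect data are constructed.

```javascript
// Added example; the policy table and helper names are illustrative, not markdownify-mcp code.
const BLOCKED_V4 = [ // [network, prefix length]; wider than the three RFC 1918 ranges (assumption)
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];
const v4ToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);

// True if an IP literal (from DNS or from URL.hostname) must not be fetched.
function isBlockedAddress(ip) {
  const addr = ip.replace(/^\[|\]$/g, '').toLowerCase();
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(addr)) {
    const n = v4ToInt(addr);
    return BLOCKED_V4.some(([net, bits]) => {
      const size = 2 ** (32 - bits);
      return Math.floor(n / size) === Math.floor(v4ToInt(net) / size);
    });
  }
  // IPv6 fails closed: only global unicast 2000::/3 passes, so ::1, fe80::/10,
  // fc00::/7 and IPv4-mapped ::ffff:a.b.c.d are all rejected.
  return !/^[23][0-9a-f]{3}:/.test(addr);
}

// Walk a redirect chain one hop at a time, vetting each hop before it is requested.
// resolve(host) -> Promise<string[]> and request(url, pinnedIp) -> Promise<{status, location}>
// are injected; in Node they would wrap dns.promises.lookup(host, { all: true })
// and an HTTP client with automatic redirects disabled.
async function fetchVetted(startUrl, resolve, request, maxHops = 5) {
  let url = new URL(startUrl);
  for (let hop = 0; hop <= maxHops; hop++) {
    if (!['http:', 'https:'].includes(url.protocol)) throw new Error(`scheme ${url.protocol}`);
    const host = url.hostname; // WHATWG parsing already canonicalises 0x7f.1 or 2130706433
    const isLiteral = /^[\d.]+$/.test(host) || host.startsWith('[');
    const addrs = isLiteral ? [host] : await resolve(host);
    const bad = addrs.find((a) => isBlockedAddress(a));
    if (addrs.length === 0 || bad) throw new Error(`blocked hop ${hop}: ${host} -> ${bad || 'no address'}`);
    const res = await request(url, addrs[0]); // connect to the vetted IP, not a fresh lookup
    if (res.status < 300 || res.status >= 400 || !res.location) return { url: url.href, hops: hop };
    url = new URL(res.location, url); // relative Location headers resolve against this hop
  }
  throw new Error('too many redirects');
}

// Constructed sample data: a stub resolver and stub HTTP layer so the example runs offline.
const DNS = { 'public.example': ['93.184.216.34'], 'alias.example': ['10.0.0.5'],
              'redirector.example': ['93.184.216.34'] };
const ROUTES = { 'http://redirector.example/': { status: 302, location: 'http://192.168.1.10/' } };
const stubResolve = async (host) => DNS[host] || [];
const stubRequest = async (url) => ROUTES[url.href] || { status: 200 };
```

Passing the vetted address to `request` matters: if the HTTP client performs its own second lookup, the name can resolve differently between the check and the connection.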

🧯 If You Can't Patch

  • Disable the webpage-to-markdown conversion feature entirely
  • Implement a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the installed markdownify-mcp version is 0.0.2 or earlier and whether the webpage-to-markdown feature is enabled.

Check Version:

Check package.json or the application configuration for the markdownify-mcp version.

Verify Fix Applied:

Test SSRF bypass techniques (hostname-based bypass and redirect chains) against the application.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the application server
  • Requests to internal IP addresses or hostnames

Network Indicators:

  • HTTP traffic from application server to internal services
  • Unusual redirect patterns in HTTP traffic

SIEM Query:

source="markdownify-mcp" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16)
