CVE-2025-5273: 
JavaScript vulnerability analysis and mitigation

CVE-2025-5273 affects all versions of the mcp-markdownify-server package, a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. The vulnerability was discovered and disclosed on May 28, 2025, by Raul Onitza-Klugman from Snyk Security Research. The vulnerability allows unauthorized access to files and directories through the get-markdown-file tool (Snyk Advisory).

The vulnerability is classified as CWE-552 (Files or Directories Accessible to External Parties) and exists in the get-markdown-file tool functionality. It has received a CVSS v4.0 score of 8.2 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P, and a CVSS v3.1 score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability allows an attacker to read arbitrary files from the host running the server. The impact primarily affects confidentiality, as the attacker can access files that should be restricted, potentially exposing sensitive information (Snyk Advisory).

A fix has been pushed to the master branch but has not yet been published as a new version. As a temporary workaround, administrators can set the MDSHAREDIR environment variable to restrict the directory from which files can be retrieved, using the command MDSHAREDIR=[SOME_PATH] pnpm run start (GitHub Commit).