CVE-2025-58358: 
JavaScript vulnerability analysis and mitigation

Markdownify, a Model Context Protocol server for converting various formats to Markdown, contains a command injection vulnerability (CVE-2025-58358) in versions below 0.0.2. The vulnerability was discovered and disclosed on September 2, 2025, affecting the npm package mcp-markdownify-server. The issue stems from unsanitized use of input parameters within child_process.exec calls, which could allow attackers to inject arbitrary system commands (GitHub Advisory).

The vulnerability exists in the server's file operation tools, specifically in the pptx-to-markdown functionality. The server constructs and executes shell commands using unvalidated user input directly within command-line strings through child_process.exec, enabling shell metacharacter injection (|, >, &&, etc.). The vulnerability has been assigned a CVSS v3.1 score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network attack vector, high attack complexity, no privileges required, and user interaction required (GitHub Advisory).

Successful exploitation of this vulnerability can lead to remote code execution under the server process's privileges. An attacker could execute arbitrary system commands, potentially compromising the system's confidentiality, integrity, and availability. The vulnerability is particularly concerning as it affects a server component that processes user input for markdown conversion (GitHub Advisory).

The vulnerability has been fixed in version 0.0.2 released on September 2, 2025. The recommended mitigation is to avoid using childprocess.exec with untrusted input and instead use childprocess.execFile, which allows passing arguments as a separate array, avoiding shell interpretation entirely. For handling tilde paths, it's recommended to use the untildify package to convert tilde paths to absolute paths before passing to child_process.execFile (GitHub Advisory).