PoC Week 2025-10-06

Posted on Oct 6, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-59834

  • Severity: 9.8 CRITICAL
  • Impacted Products: adb-mcp MCP Server < 0.1.0
  • Description: ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-59834
  • PoC: https://github.com/srmorete/adb-mcp/security/advisories/GHSA-54j7-grvr-9xwg

CVE-2025-59528

  • Severity: 10 CRITICAL
  • Impacted Products: Flowise 3.0.5
  • Description: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-59528
  • PoC: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p

CVE-2025-57441

  • Severity: 9.8 CRITICAL
  • Impacted Products: Blackmagic ATEM Mini Pro 2.7
  • Description: The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-57441
  • PoC: https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57441

CVE-2025-56819

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.