31/10/2025

ZDI-25-983: evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-12489.

Comments are closed.

You may also like

ZDI-25-348: (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-25-1088: (0Day) Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability