CVE-2025-70040

MEDIUM

jimeng-web-mcp 2.1.2 - Info Disclosure

Title source: llm

Description

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.

References (3)

Core 3

Core References

Various Sources

https://gist.github.com/zcxlighthouse/73b4ea07d1056ca9f100d11bfb4c8aa5

Various Sources

https://github.com/LupinLin1

Various Sources

https://github.com/LupinLin1/jimeng-web-mcp

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (1)

lupinlin1/jimeng_web_mcp_server 2.1.2

Published Mar 09, 2026

Tracked Since Mar 09, 2026