CVE-2025-70040

low-risk

Published 2026-03-09

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (3)

https://gist.github.com/zcxlighthouse/73b4ea07d1056ca9f100d11bfb4c8aa5

https://github.com/LupinLin1

https://github.com/LupinLin1/jimeng-web-mcp

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal