We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-53109

Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling



Description

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

Reserved 2025-06-25 | Published 2025-07-02 | Updated 2025-07-02 | Assigner GitHub_M


HIGH: 7.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Product status

< 0.6.4
affected

< 2025.7.01
affected

References

github.com/...ervers/security/advisories/GHSA-q66q-fx2p-7w4m

github.com/...ommit/d00c60df9d74dba8a3bb13113f8904407cda594f

cve.org (CVE-2025-53109)

nvd.nist.gov (CVE-2025-53109)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-53109

Support options

Helpdesk Chat, Email, Knowledgebase