CVE-2025-53109 | THREATINT

Description

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

PUBLISHED Reserved 2025-06-25 | Published 2025-07-02 | Updated 2025-07-02 | Assigner GitHub_M

HIGH: 7.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Product status

< 0.6.4

affected

< 2025.7.01

affected

References

github.com/...ervers/security/advisories/GHSA-q66q-fx2p-7w4m

github.com/...ommit/d00c60df9d74dba8a3bb13113f8904407cda594f

cve.org (CVE-2025-53109)

nvd.nist.gov (CVE-2025-53109)

Download JSON