CVE-2025-53109

Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling

Description

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

INFO

Published Date :

2025-07-02T14:30:57.647Z

Last Modified :

2025-07-02T14:50:18.562Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-53109 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53109.

URL	Resource
https://github.com/modelcontextprotocol/servers/commit/d00c60df9d74dba8a3bb13113f8904407cda594f
https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-q66q-fx2p-7w4m

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability