CVE-2025-53109 @modelcontextprotocol/server-filesystem

Package

Manager: npm
Name: @modelcontextprotocol/server-filesystem
Vulnerable Version: >=0 <=0.6.2 || >=2025.1.14 <2025.7.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00158 (percentile 0.37171)

Details

@modelcontextprotocol/server-filesystem allows a path validation bypass via prefix matching and symlink handling. Versions of Filesystem prior to 0.6.3 and 2025.7.1 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 2025.7.1 to resolve the issue. Thank you to Elad Beber (Cymulate) for reporting these issues.

Metadata

Created: 2025-07-01T20:13:56Z
Modified: 2025-07-02T18:56:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-q66q-fx2p-7w4m/GHSA-q66q-fx2p-7w4m.json
CWE IDs: ["CWE-59"]
Alternative ID: GHSA-q66q-fx2p-7w4m
Finding: F076
Auto approve: 1