PT-2025-27616 · Unknown · Filesystem
Jenn-Newton · Published 2025-07-01 · Updated 2025-08-31 · CVE-2025-53109
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Model Context Protocol Servers Filesystem versions prior to 0.6.4 or 2025.7.01
Model Context Protocol Servers Filesystem versions prior to 0.6.3 or 2025.7.1
Description
Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). The Filesystem server has a flaw caused by improper link resolution before file access: its path validation can be bypassed through symlink handling. This can allow a remote attacker to gain unauthorized access to protected information.
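The weakness class described above, shown as an added Node.js example that is not the Filesystem server's own code: a string-only containment check beside one that resolves links before comparing. The function names, directory layout and file names are hypothetical and the fixture is constructed in a temporary directory.

```javascript
// Added example, not the MCP Filesystem server's code; all names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when `child` is `parent` itself or lies beneath it (both absolute paths).
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Weak: string normalization only; a link inside the allowed directory passes.
function lexicalCheck(allowedDir, requested) {
  const root = path.resolve(allowedDir);
  return isInside(root, path.resolve(root, requested));
}

// Hardened: resolve links on both sides before comparing; any error rejects.
function resolvedCheck(allowedDir, requested) {
  try {
    const root = fs.realpathSync(allowedDir);
    const target = path.resolve(root, requested);
    // lstat does not follow the final component; undefined means no such entry.
    if (fs.lstatSync(target, { throwIfNoEntry: false })) {
      return isInside(root, fs.realpathSync(target)); // dangling link throws
    }
    // Path to be created: its parent must already resolve inside the root.
    return isInside(root, fs.realpathSync(path.dirname(target)));
  } catch {
    return false;
  }
}

// Constructed fixture; returns [lexical, resolved] verdicts per requested path.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'linkcheck-'));
  const [allowed, outside] = ['allowed', 'outside'].map((d) => path.join(base, d));
  for (const d of [allowed, outside]) fs.mkdirSync(d);
  fs.writeFileSync(path.join(allowed, 'notes.txt'), 'constructed');
  fs.writeFileSync(path.join(outside, 'other.txt'), 'constructed');
  fs.symlinkSync(outside, path.join(allowed, 'link'), 'dir');
  fs.symlinkSync(path.join(outside, 'missing'), path.join(allowed, 'dangling'));
  const paths = ['notes.txt', 'new.txt', 'link/other.txt', 'link/new.txt', 'dangling'];
  const out = Object.fromEntries(
    paths.map((p) => [p, [lexicalCheck(allowed, p), resolvedCheck(allowed, p)]]));
  fs.rmSync(base, { recursive: true, force: true });
  return out;
}
console.log(demo());
```

The check and the later file open are separate steps, so the verdict can still race with concurrent changes to the directory tree.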
Recommendations
Model Context Protocol Servers Filesystem versions prior to 0.6.4: Upgrade to version 0.6.4 or later.
Model Context Protocol Servers Filesystem versions prior to 2025.7.01: Upgrade to version 2025.7.01 or later.
Model Context Protocol Servers Filesystem versions prior to 0.6.3: Upgrade to version 2025.7.1 or later.
Exploit
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Filesystem