CVE-2025-67364

Name of the Vulnerable Software and Affected Versions fast-filesystem-mcp version 3.4.0

Description The software contains a path traversal issue in its file operation tools, including the fast read file function. This is due to insufficient path validation that does not resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions utilize path.resolve(), which does not handle symlinks, allowing attackers to bypass directory access restrictions. By creating symlinks within permitted directories that point to restricted system paths, attackers can circumvent validation checks and gain access to unauthorized files when these symlinks are accessed through valid path references.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.