CVE-2025-67366

Name of the Vulnerable Software and Affected Versions @sylphxltd/filesystem-mcp version 0.5.8

Description @sylphxltd/filesystem-mcp version 0.5.8 contains a path traversal issue in the “read content” tool. The issue is due to improper symlink handling in the path validation mechanism. The resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by using symlinks within the allowed directory that point to external files, potentially enabling unauthorized access to files outside the intended scope.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.