@modelcontextprotocol/server-filesystem, Path Validation Bypass, CVE-2025-XXXXX (High)


The vulnerability in @modelcontextprotocol/server-filesystem (CVE-2025-XXXXX) stems from insufficient path validation in two related areas: symbolic link (symlink) handling and prefix matching. The server's access check only tests whether the requested path begins with the path of an allowed directory. That string-prefix test fails in two ways. First, a symlink placed inside an allowed directory that points outside it passes the check, because the path is not canonicalized (symlinks are not resolved) before it is compared against the allowed prefix. Second, a bare prefix comparison does not enforce a directory boundary, so a path that merely begins with the same characters as an allowed directory can also pass. In either case a client can reach files outside the directories the operator intended to expose.

DailyCVE Form:

Platform: @modelcontextprotocol/server-filesystem
Version: <= 0.6.2; >= 2025.1.14 and < 2025.7.1
Vulnerability: Path bypass
Severity: High
Date: Jul 1, 2025

Prediction: Patch expected by Jul 8, 2025

What Undercode Say:

# Check what a symlink inside an exposed directory actually points to
ls -l /path/to/symlink
# Print the fully resolved (canonical) target; anything outside the exposed directory is a problem
readlink -f /path/to/symlink
# Verify the installed version is a patched release
npm list @modelcontextprotocol/server-filesystem

How Exploit:

1. Create a symlink inside an allowed directory that points to a file or directory outside it, or choose a path that shares the allowed directory's string prefix (for example an adjacent directory whose name begins with the same characters).
2. Request that path through the server; the prefix check passes, and the server reads or writes the file outside the allowed directory.

Protection from this CVE:

  • Update to v2025.7.1.
  • Disable symlink following, and audit exposed directories for symlinks whose resolved target lies outside them.
  • Do not expose a directory whose path is a string prefix of a more sensitive sibling directory.

Impact:

Unauthorized access to files outside the directories the server was configured to expose, including sensitive files the operator never intended to share.

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

πŸ”JOIN OUR CYBER WORLD [ CVE News β€’ HackMonitor β€’ UndercodeNews ]

πŸ’¬ Whatsapp | πŸ’¬ Telegram

πŸ“’ Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | πŸ”— Linkedin Featured Image

Scroll to Top