Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53109

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

Published

2025-07-02T15:15:27.670

Last Modified

2025-07-03T15:13:53.147

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

References

https://github.com/modelcontextprotocol/servers/commit/d00c60df9d74dba8a3bb13113f8904407cda594f ([email protected])
https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-q66q-fx2p-7w4m ([email protected])