Platform: nodejs
Component: @modelcontextprotocol/server-filesystem
Fixed in: 0.6.5, 0.6.3
CVE-2025-53110 is a high-severity vulnerability affecting versions of @modelcontextprotocol/server-filesystem up to 0.6.2. This vulnerability allows attackers to potentially access unintended files by exploiting a prefix matching flaw within the filesystem protocol. The issue has been resolved in version 0.6.4, and users are strongly advised to upgrade to this version to mitigate the risk. Cymulate reported the vulnerability.
The core of this vulnerability lies in how @modelcontextprotocol/server-filesystem validates file access requests. Specifically, the check only tests whether the requested path begins with the string of an allowed directory, so a path that merely shares that prefix can be granted access to files outside the intended scope. An attacker could craft requests that bypass the access control and retrieve sensitive data stored on the filesystem. The potential impact includes unauthorized access to configuration files, source code, or any other data reachable through the filesystem interface. While the description does not specify a direct path to remote code execution, the ability to read arbitrary files could be a stepping stone for further exploitation, such as information disclosure leading to privilege escalation.
CVE-2025-53110 was publicly disclosed on 2025-07-01. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept code is not yet available, but the relatively straightforward nature of the prefix matching bypass suggests that a PoC could be developed relatively easily.
Exploit Status
EPSS: 0.07% (22nd percentile)
CISA SSVC: not provided
The primary mitigation for CVE-2025-53110 is to upgrade to version 0.6.4 or later of the @modelcontextprotocol/server-filesystem package. If an immediate upgrade is not feasible due to compatibility concerns or breaking changes, consider implementing stricter input validation on file access requests to prevent prefix matching bypasses. This could involve whitelisting allowed prefixes or implementing more robust path sanitization. Additionally, review and restrict file permissions to minimize the potential impact of unauthorized access. After upgrading, confirm the fix by attempting to access files outside the intended directory scope and verifying that access is denied.
Update the `modelcontextprotocol/servers` library to version 0.6.4 or later. This corrects the path validation bypass vulnerability. You can update using whichever package manager you use; for this npm package that is `npm install @modelcontextprotocol/server-filesystem@0.6.4`.
CVE-2025-53110 is a high-severity vulnerability in @modelcontextprotocol/server-filesystem versions up to 0.6.2. It allows attackers to access unintended files due to a prefix matching flaw.
You are affected if you are using @modelcontextprotocol/server-filesystem versions 0.6.2 or earlier. Upgrade to 0.6.4 or later to resolve the issue.
Upgrade to version 0.6.4 or later of the @modelcontextprotocol/server-filesystem package. Implement stricter input validation on file access requests as a temporary workaround.
There is currently no indication of active exploitation campaigns targeting this vulnerability, but a PoC could be developed easily.
Refer to the advisory published by the @modelcontextprotocol/server-filesystem project, which is likely available on their GitHub repository or website.