CVE-2025-53109
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling
EPSS 0.51%
Description
Versions of Filesystem prior to 0.6.3 and 2025.7.1 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 2025.7.1 to resolve. Thank you to Elad Beber (Cymulate) for reporting these issues.
How to fix CVE-2025-53109
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- npm/@modelcontextprotocol/server-filesystem: no fix listed
Is CVE-2025-53109 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/@modelcontextprotocol/server-filesystem: from 0, <= 0.6.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H |