4 matches found
CVE-2025-53109
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
CVE-2025-53109
creationtimestamp| type| source ---|---|--- 2025-07-02 16:56:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsyolnrp7y2m 2025-07-02 17:43:18+00:00| seen| https://bsky.app/profile/r-netsec-bot.bsky.social/post/3lsyr7wntms26 2025-07-02 18:24:31+00:00| seen|...
CVE-2025-53109 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
@iflow-mcp/alibabacloud-dataworks-mcp-server (=1.0.43), @mseep/alibabacloud-dataworks-mcp-server (=1.0.36) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=2025.3.28)
@modelcontextprotocol/server-filesystem NPM version =2025.3.28 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @iflow-mcp/alibabacloud-dataworks-mcp-server =1.0.43 -...