Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/07/04 3:24 p.m.9 views

CVE-2025-53109

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...

7.3CVSS6.3AI score0.00694EPSS
Exploits0References1
Circl
Circl
added 2025/07/02 4:56 p.m.9 views

CVE-2025-53109

creationtimestamp| type| source ---|---|--- 2025-07-02 16:56:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsyolnrp7y2m 2025-07-02 17:43:18+00:00| seen| https://bsky.app/profile/r-netsec-bot.bsky.social/post/3lsyr7wntms26 2025-07-02 18:24:31+00:00| seen|...

7.3CVSS5.8AI score0.00694EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/02 2:30 p.m.14 views

CVE-2025-53109 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...

7.3CVSS0.00694EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/07/01 8:13 p.m.5 views

@iflow-mcp/alibabacloud-dataworks-mcp-server (=1.0.43), @mseep/alibabacloud-dataworks-mcp-server (=1.0.36) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=2025.3.28)

@modelcontextprotocol/server-filesystem NPM version =2025.3.28 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @iflow-mcp/alibabacloud-dataworks-mcp-server =1.0.43 -...

7.3CVSS6AI score0.00694EPSS
Exploits0
Rows per page
Query Builder