CVE-2025-53110
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Model Context Protocol Servers, specifically versions of Filesystem prior to 0.6.4 or 2025.7.01. It allows access to unintended files when the prefix matches an allowed directory, potentially exposing files that should not be accessible.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to files that are not intended to be accessible, which may result in exposure of sensitive or confidential information, potentially compromising system security and user privacy.
What immediate steps should I take to mitigate this vulnerability?
Users are advised to upgrade to version 0.6.4 or 2025.7.01 of the Filesystem to resolve this vulnerability.