CVE-2025-11489
BaseFortify
Publication date: 2025-10-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wonderwhy-er | desktopcommandermcp | to 0.2.13 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11489 is a directory traversal vulnerability in the isPathAllowed function of wonderwhy-er DesktopCommanderMCP up to version 0.2.13. The function is intended to restrict file operations to allowed directories by normalizing paths, but it fails to resolve symbolic links (symlinks). An attacker with local access can create a symlink inside an allowed directory that points to a restricted or sensitive location outside it. Because the function only checks the path string and not the resolved target, it mistakenly allows access. This enables arbitrary file read or write operations outside the intended directory, potentially exposing sensitive files or allowing code execution if executable files are overwritten. [1, 2, 4]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with local access to bypass directory restrictions and read or modify any file accessible by the process running DesktopCommanderMCP. This includes sensitive data such as SSH keys, configuration files, or other confidential information. Additionally, if executable files are overwritten, it could lead to code execution. The severity depends on the privileges of the user running the affected service. Since the exploit requires local access and has high attack complexity, it is considered difficult to exploit but still poses a significant risk. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of symlinks inside allowed directories that point to restricted or sensitive locations outside those directories. A practical approach is to look for symbolic links within the allowed directory and verify their targets. For example, using the command `find /path/to/allowed/directory -type l -exec ls -l {} \;` will list all symlinks and their targets inside the allowed directory. If any symlink points outside the allowed directory, it indicates a potential exploitation of this vulnerability. Additionally, attempts to access files through such symlinks can be tested to confirm if unauthorized access is possible. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include running Desktop Commander within Docker containers to provide actual isolation, as recommended by the vendor. This containment prevents the vulnerability from allowing unauthorized file access outside the container. Additionally, users should avoid running the affected versions of DesktopCommanderMCP (up to 0.2.13) on production systems, as the product is no longer supported and no official patches are available. If possible, modify or patch the isPathAllowed function to resolve canonical paths including symlinks (e.g., using Node.js's fs.realpathSync()) before validating paths to prevent symlink bypass. Until a fix is applied, restrict local user access to the system to trusted users only. [2, 4]