CVE-2025-67364
Path Traversal in fast-filesystem-mcp 3.4.0 Enables Unauthorized Access
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| efforthye | fast-filesystem-mcp | 3.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-24 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical path traversal issue in fast-filesystem-mcp version 3.4.0. It occurs because the software's path validation functions use path.resolve(), which does not resolve symbolic links to their actual physical paths. Attackers can create symbolic links inside allowed directories that point to restricted system paths. When these symlinks are accessed, the validation checks are bypassed, allowing unauthorized access to files outside the permitted directories. [2]
How can this vulnerability impact me? :
This vulnerability can allow attackers to bypass directory access restrictions and gain unauthorized access to sensitive or restricted files on the system. By exploiting symbolic links, attackers can read files outside the allowed directories, potentially exposing confidential data or system files that should be protected. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of symlinks within allowed directories that point to restricted system paths, which bypass path validation. You can look for suspicious symlinks using commands like `find /allowed/directory -type l -exec ls -l {} \;` to list symbolic links and their targets. Additionally, monitoring file access logs for unexpected access to restricted paths via allowed directories can help detect exploitation attempts. Since the vulnerability involves the fast_read_file tool, testing access to files through symlinks that point outside allowed directories can confirm the issue. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of fast-filesystem-mcp version 3.4.0 until a patched version is available. If possible, restrict user ability to create or use symbolic links within allowed directories. Monitor and audit symlink usage carefully. Applying a patch or update that replaces path.resolve() with fs.realpath() or an equivalent function to fully resolve symlinks before path validation is the expected fix. Until then, consider implementing additional access controls or sandboxing to prevent unauthorized file access through symlinks. [2]