CVE-2025-67366
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-07

Last updated on: 2026-01-08

Assigner: MITRE

Description
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from improper symlink handling in the path validation mechanism: the resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory that point to external files, enabling unauthorized access to files outside the intended operational scope.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67366
EUVD
EUVD-2026-1202
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sylphxltd filesystem-mcp 0.5.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a critical path traversal issue in version 0.5.8 of the filesystem-mcp server. It occurs because the path validation function checks the path before resolving symbolic links (symlinks), while the file reading function automatically resolves symlinks during access. Attackers can exploit this by placing symlinks inside allowed directories that point to files outside the intended scope, thereby bypassing directory restrictions and gaining unauthorized access to external files.

Impact Analysis

This vulnerability can allow attackers to access files outside the intended directory boundaries of the filesystem-mcp server. This unauthorized file access could lead to exposure of sensitive information, data leakage, or manipulation of files that should be protected, potentially compromising system security and user data.

Mitigation Strategies

To mitigate this vulnerability, ensure that the filesystem-mcp server is updated to a version that fixes the path traversal issue in the read_content tool. Until a fix is available, avoid using version 0.5.8 or restrict access to the MCP server to trusted users only. Additionally, monitor and control symlink usage within the allowed directories to prevent attackers from leveraging symlinks to access unauthorized files. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67366. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart