CVE-2025-53110 - Vulnerability Details

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0011.

Exploitation none

Automatable no

Technical Impact partial

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-19727	@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix
Github GHSA	GHSA-hc55-p739-j48w	@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/modelcontextprotocol/servers/commit/cc99bdabdcad93a58877c5f3ab20e21d4394423d
https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-hc55-p739-j48w

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00082}`	epss `{'score': 0.00084}`

Wed, 02 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 02 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.
Title		Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix
Weaknesses		CWE-22
References		https://github.com/modelcontextprotocol/servers/commit/cc99bdabdcad93a58877c5f3ab20e21d4394423d https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-hc55-p739-j48w
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-07-02T14:30:39.947Z

Updated: 2025-07-02T15:13:59.600Z

Reserved: 2025-06-25T13:41:23.087Z

Link: CVE-2025-53110

Vulnrichment

Updated: 2025-07-02T15:12:55.138Z

NVD

Status : Awaiting Analysis

Published: 2025-07-02T15:15:27.843

Modified: 2025-07-03T15:13:53.147

Link: CVE-2025-53110

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object