Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| modelcontextprotocol | servers | affected |
|
No data.
No data.
No data available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-19727 | @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix |
 Github GHSA |
GHSA-hc55-p739-j48w | @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix |
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Wed, 02 Jul 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 02 Jul 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve. | |
| Title | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-07-02T15:13:59.600Z
Reserved: 2025-06-25T13:41:23.087Z
Link: CVE-2025-53110
Vulnrichment
Updated: 2025-07-02T15:12:55.138Z
NVD
Status : Deferred
Published: 2025-07-02T15:15:27.843
Modified: 2026-04-15T00:35:42.020
Link: CVE-2025-53110
Redhat
No data.
OpenCVE Enrichment
No data.