CVE-2025-53109

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-53109
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53109.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53109
Aliases
Published
2025-07-02T15:15:27Z
Modified
2025-07-04T09:53:46.464989Z
Summary
[none]
Details

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

References

Affected packages

Git / github.com/modelcontextprotocol/servers

Affected ranges

Type
GIT
Repo
https://github.com/modelcontextprotocol/servers
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.2.0
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0
0.5.1

python-servers-0.*

python-servers-0.6.1
python-servers-0.6.2

typescript-servers-0.*

typescript-servers-0.6.0
typescript-servers-0.6.1
typescript-servers-0.6.2