CVE-2025-53110
- Source
- https://cve.org/CVERecord?id=CVE-2025-53110
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53110.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-53110
- Aliases
- Published
- 2025-07-02T14:30:39.947Z
- Modified
- 2025-12-05T10:19:18.356523Z
- Severity
-
- 7.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix
- Details
-
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53110.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53110.json
- https://github.com/modelcontextprotocol/servers/commit/cc99bdabdcad93a58877c5f3ab20e21d4394423d
- https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-hc55-p739-j48w
- https://nvd.nist.gov/vuln/detail/CVE-2025-53110
Affected packages
Git / github.com/modelcontextprotocol/servers
Affected ranges
- Type
- GIT
- Repo
- https://github.com/modelcontextprotocol/servers
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed