CVE-2025-53110

Published Jul 2, 2025

Last updated 15 days ago

Overview

Description
Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the path prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 or 2025.7.01 to resolve the issue.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 7.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

security-advisories@github.com
CWE-22

Social media

  1. Anthropic MCP vulnerabilities CVE-2025-53110/53109 fixed: potential sandbox escape and code execution https://t.co/Eufw7RACXt The two vulnerabilities discovered in Anthropic's Filesystem MCP Server, AI

    @iototsecnews

    18 Jul 2025


  2. CVE-2025-53110 Path Traversal Vulnerability in Model Context Protocol Filesystem Implementations https://t.co/vaWvgon88n

    @VulmonFeeds

    2 Jul 2025


  3. 🚨 Excited to share two high-severity CVEs I discovered in Anthropic’s MCP Filesystem Server: • CVE-2025-53110 — Directory Containment Bypass (7.3) • CVE-2025-53109 — Symlink Bypass to Code Execution (8.4) Full technical details: 👉 https://t.co/CUwkAlmlAa

    @EladBeber

    2 Jul 2025


  4. CVE-2025-53110 Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 c… https://t.co/CWf48EoB6v

    @CVEnew

    2 Jul 2025


  5. 🚨 Critical Unauthorized File Access Vulnerability in @modelcontextprotocol/server-filesystem - CVE-2025-53110. Update to version 2025.7.1 to prevent unauthorized file access and mitigate security risks. 🔧 Read more: https://t.co/R3YZ7oEB0t #ServerFilesystem #FileAccess htt

    @vulert_official

    2 Jul 2025
