CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from improper symlink handling in the path validation mechanism: the resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory that point to external files, enabling unauthorized access to files outside the intended operational scope.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/sylphxltd/filesystem-mcp	Product
https://github.com/sylphxltd/filesystem-mcp/issues/134	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sylphx:filesystem-mcp:0.5.8:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2026-01-07 17:16

Updated : 2026-01-29 01:02

NVD link : CVE-2025-67366

Mitre link : CVE-2025-67366

CVE.ORG link : CVE-2025-67366

JSON object : View

Products Affected

sylphx

filesystem-mcp

CWE

CWE-23

Relative Path Traversal

7.5 /10