Home > Vulnerability Database > CVE-2025-53109

Mend.io Vulnerability Database

CVE-2025-53109

Good to know:

Date: July 2, 2025

Versions of Filesystem prior to 0.6.3 & 2025.3.28 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.

Severity Score

7.4

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-53109

Url: https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-q66q-fx2p-7w4m

Url: https://github.com/modelcontextprotocol/servers/commit/d00c60df9d74dba8a3bb13113f8904407cda594f

Url: https://github.com/modelcontextprotocol/servers

Url: https://www.mend.io/vulnerability-database/CVE-2025-53109

Severity Score

7.4

Weakness Type (CWE)

Improper Link Resolution Before File Access ('Link Following')

CWE-59

Top Fix

Upgrade Version

Upgrade to version @modelcontextprotocol/server-filesystem - 2025.7.1;@modelcontextprotocol/server-filesystem - 2025.7.1;https://github.com/modelcontextprotocol/servers.git - 2025.7.1

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-53109

Good to know:

Date: July 2, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?