CVE-2025-53110: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix
Versions of @modelcontextprotocol/server-filesystem prior to 0.6.3 and 2025.7.1 could allow access to unintended files when the requested path's string prefix matches an allowed directory (for example, a sibling directory whose name begins with the allowed directory's name). Users are advised to upgrade to 2025.7.1 to resolve the issue.
Thank you to Elad Beber (Cymulate) for reporting these issues.