CVE-2025-67366

7.5 HIGH

📋 TL;DR

CVE-2025-67366 is a high-severity (CVSS 7.5) path traversal vulnerability in @sylphxltd/filesystem-mcp v0.5.8. The server restricts file access to a set of allowed directories, but it follows symbolic links placed inside those directories, so an attacker who can create a symlink there can read any file the server process has read access to. Any deployment of the vulnerable version that exposes the read_content tool is affected.

💻 Affected Systems

Products:
  • @sylphxltd/filesystem-mcp
Versions: Version 0.5.8 specifically
Operating Systems: Any OS on which symbolic links can be created inside the allowed directories (Linux, macOS; Windows when the account holds the symlink-creation privilege or Developer Mode is enabled)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of version 0.5.8. Any deployment using this version with the read_content tool enabled is vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Read access to every file the server process can read, including system files, configuration files, credentials and other sensitive data. The flaw grants reads only, not writes or code execution, so on its own it is a disclosure issue rather than a full host compromise; the damage comes from what the disclosed credentials unlock.

🟠

Likely Case

Unauthorized access to files in parent directories or other accessible locations, potentially exposing application data, logs, or configuration files.

🟢

If Mitigated

Limited impact if proper file permissions and access controls restrict what files can be accessed even with path traversal.

🌐 Internet-Facing: HIGH if the MCP server is reachable by untrusted users or networks, since it hands out file contents directly.
🏢 Internal Only: MEDIUM, since an internal attacker or a compromised internal host could still use the read to obtain credentials and other sensitive data readable by the server process.

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes (the server itself enforces no authentication)
Complexity: LOW

Exploitation needs two things: a way to create a symbolic link inside one of the allowed directories that points at a restricted file, and the ability to issue a read_content call for that link, either directly or through an MCP client that can be steered into making the call. The server resolves the link and returns the target's contents, so no authentication bypass is involved; whatever can reach the tool can read the file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 0.5.9 or later

Vendor Advisory: https://github.com/sylphxltd/filesystem-mcp/issues/134

Restart Required: Yes

Instructions:

1. Stop the filesystem-mcp server
2. Update to version 0.5.9 or later: npm update @sylphxltd/filesystem-mcp
3. Restart the MCP server

🔧 Temporary Workarounds

Keep symbolic links out of the allowed directories

linux

The server follows any symlink it finds under an allowed directory, so the exposure is bounded by which links exist there and who can create new ones. This cannot be switched off from outside the process: Linux ignores the permission bits on a symlink itself, so chmod on a link changes nothing, and there is no mount option that disables symlink resolution for a directory. Audit the allowed directories, remove links you did not put there, and make sure only the service account can write into them (the account name mcp below is a placeholder).

find /path/to/allowed -xdev -type l -ls                              # list existing symlinks for review
find /path/to/allowed -xdev -type l -delete                          # remove them once reviewed
chown -R mcp:mcp /path/to/allowed && chmod -R go-w /path/to/allowed  # no untrusted writes, so no new links

Restrict directory permissions

linux

Run the server as a dedicated unprivileged account and deny that account read access to the paths a symlink could point at. Permissions on the target files only help when the server does not run as root or as the owner of those files.

chmod 700 /sensitive/directories
chown root:root /sensitive/directories

🧯 If You Can't Patch

  • Disable the read_content tool entirely if not needed
  • Run the MCP server as a dedicated unprivileged account inside a container or chroot that contains only the directories it is meant to serve, so a symlink has nothing outside them to point at

🔍 How to Verify

Check if Vulnerable:

npm list @sylphxltd/filesystem-mcp | grep filesystem-mcp

Add -g if the package was installed globally. Output containing filesystem-mcp@0.5.8 means the vulnerable version is installed.

Verify Fix Applied:

npm list @sylphxltd/filesystem-mcp | grep 'filesystem-mcp@'

The reported version must be 0.5.9 or higher.

📡 Detection & Monitoring

Log Indicators:

  • read_content calls whose canonical (realpath-resolved) target lies outside the configured directories; in the symlink case the requested path itself looks clean, so only the resolved target reveals the traversal
  • Symbolic links appearing inside the allowed directories that point outside them
  • Multiple failed path resolution attempts followed by successful access

Network Indicators (only where the server is reached over a network transport; an MCP server run over stdio leaves no traffic to inspect):

  • File read requests whose path contains traversal sequences such as "../"
  • Requests for files with well-known sensitive names

SIEM Query (pseudo-syntax; map the field names to your own logging, and note that resolved_path has to be logged by the server or an audit wrapper):

source="filesystem-mcp" AND (path CONTAINS "../" OR path CONTAINS "/.." OR resolved_path NOT UNDER allowed_directories)

The first two clauses catch classic dot-dot traversal but are blind to the symlink bypass this CVE describes; only the third clause catches it.
