Key vulnerability information

Vulnerability title
Path validation bypass via symlink handling

Severity
High
CVSS v4 base metrics: 8.4 / 10

Affected package and versions
Package: @modelcontextprotocol/server-filesystem (npm)
Affected versions: < 0.6.3, < 2025.3.28
Patched versions: 0.6.3, 2025.7.01

Description
- Versions of Filesystem prior to 0.6.3 and 2025.3.28 could allow access to unauthorized files via symbolic links.
- Users are advised to upgrade to 0.6.4 or 2025.7.01 to resolve this issue.

Reporter
Thank you to Elad Beber (Cymulate) for reporting these issues.

CVSS v4 base metrics
Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User interaction: None
Vulnerable System Impact Metrics:
- Confidentiality: None
- Integrity: None
- Availability: High
Subsequent System Impact Metrics:
- Confidentiality: High
- Integrity: High
- Availability: High

CVE ID
CVE-2025-53109

Weaknesses
No CWEs
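
The advisory gives no detail of the package's validation logic, so the following added example (not code from @modelcontextprotocol/server-filesystem) illustrates the general class of issue named in the title: a purely lexical containment check accepts a path that passes through a symlink, while a check on realpath-resolved paths rejects it. The function names and the temporary-directory fixture are assumptions constructed for the illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Lexical check: normalises ".." segments but never looks at what is on disk.
function isInsideLexical(allowedDir, requested) {
  const root = path.resolve(allowedDir);
  const target = path.resolve(root, requested);
  return target === root || target.startsWith(root + path.sep);
}

// Symlink-aware check: canonicalise both sides with realpath, then compare.
function isInsideResolved(allowedDir, requested) {
  const root = fs.realpathSync(allowedDir);
  let target;
  try {
    target = fs.realpathSync(path.resolve(root, requested));
  } catch (err) {
    return false; // missing or dangling path: fail closed
  }
  const rel = path.relative(root, target);
  if (rel === '') return true; // the allowed directory itself
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Constructed fixture: an allowed directory holding a symlink that points outside it.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-check-'));
  const allowed = path.join(base, 'allowed');
  const outside = path.join(base, 'outside');
  fs.mkdirSync(allowed);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(allowed, 'notes.txt'), 'ok');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'outside the allowed tree');
  fs.symlinkSync(outside, path.join(allowed, 'link'), 'dir');
  try {
    return {
      lexicalLink: isInsideLexical(allowed, 'link/secret.txt'),
      resolvedLink: isInsideResolved(allowed, 'link/secret.txt'),
      resolvedPlain: isInsideResolved(allowed, 'notes.txt'),
      resolvedMissing: isInsideResolved(allowed, 'nope.txt'),
    };
  } finally {
    fs.rmSync(base, { recursive: true, force: true }); // clean up the fixture
  }
}
```

The resolved check and the later file open are separate steps, so the result only holds if the directory tree cannot change between them. Paths that do not exist yet (for example a file about to be created) need the parent directory resolved and checked instead.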