CVE-2025-67364
Published: 07 January 2026
Summary
CVE-2025-67364 is a high-severity Path Traversal: '../filedir' (CWE-24) vulnerability in Efforthye Fast-Filesystem-Mcp. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 7.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-67364 is a path traversal vulnerability (CWE-24) in fast-filesystem-mcp version 3.4.0, affecting its file operation tools including fast_read_file. The issue stems from improper path validation in the safePath and isPathAllowed functions, which use path.resolve() without resolving symbolic links to their actual physical paths. This flaw enables attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By placing symlinks in permitted directories that reference sensitive files, attackers can access them via valid path references, evading validation checks and obtaining unauthorized file contents. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with no integrity or availability disruption.
Mitigation details and advisories are available in the project repository at https://github.com/efforthye/fast-filesystem-mcp and the related issue tracker at https://github.com/efforthye/fast-filesystem-mcp/issues/10, published on 2026-01-07.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1195
Vulnerability details
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use path.resolve(), which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files.
- CWE(s): CWE-24 (Path Traversal: '../filedir')
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a network-exposed file tool enables remote, unauthenticated file reads, directly supporting public-facing application exploitation (T1190) and local data collection (T1005).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly addresses the improper path validation vulnerability by requiring checks on file path inputs to ensure they resolve correctly, including symlinks, preventing traversal to unauthorized locations.
- AC-3 (Access Enforcement): Mandates enforcement mechanisms that properly validate and canonicalize paths in file operations to block unauthorized access via symlinks bypassing directory restrictions.
- Flaw remediation: Requires timely remediation of flaws such as the path.resolve() symlink handling defect in fast-filesystem-mcp file tools to eliminate the vulnerability.