Cyber Resilience

CVE-2025-67364

HighPublic PoC

Published: 07 January 2026

Published
07 January 2026
Modified
29 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 7.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67364 is a high-severity Path Traversal: '../filedir' (CWE-24) vulnerability in Efforthye Fast-Filesystem-Mcp. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-67364 is a path traversal vulnerability (CWE-24) in fast-filesystem-mcp version 3.4.0, affecting its file operation tools including fast_read_file. The issue stems from improper path validation in the safePath and isPathAllowed functions, which use path.resolve() without resolving symbolic links to their actual physical paths. This flaw enables attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By placing symlinks in permitted directories that reference sensitive files, attackers can access them via valid path references, evading validation checks and obtaining unauthorized file contents. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with no integrity or availability disruption.

Mitigation details and advisories are available in the project repository at https://github.com/efforthye/fast-filesystem-mcp and the related issue tracker at https://github.com/efforthye/fast-filesystem-mcp/issues/10, published on 2026-01-07.

EU & UK References

Vulnerability details

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use…

more

path.resolve() which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal in network-exposed file tool enables remote unauthenticated file reads, directly supporting public app exploitation (T1190) and local data collection (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27920Shared CWE-24
CVE-2025-0390Shared CWE-24
CVE-2026-39813Shared CWE-24
CVE-2026-28427Shared CWE-24
CVE-2026-22810Shared CWE-24
CVE-2026-41082Shared CWE-24
CVE-2026-40318Shared CWE-24
CVE-2025-63298Shared CWE-24
CVE-2025-61318Shared CWE-24
CVE-2025-53513Shared CWE-24

Affected Assets

efforthye
fast-filesystem-mcp
3.4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper path validation vulnerability by requiring checks on file path inputs to ensure they resolve correctly, including symlinks, preventing traversal to unauthorized locations.

prevent

Mandates enforcement mechanisms that properly validate and canonicalize paths in file operations to block unauthorized access via symlinks bypassing directory restrictions.

prevent

Requires timely remediation of flaws such as the path.resolve() symlink handling defect in fast-filesystem-mcp file tools to eliminate the vulnerability.

References