7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-67364

CVE-2025-67364: fast-filesystem-mcp has a Path Traversal vulnerability

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use path.resolve() which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-67364

CVE-2025-67364:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
fast-filesystem-mcp	npm	<= 3.4.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists due to improper path validation in the fast-filesystem-mcp package. The core of the issue lies in the isPathAllowed and safePath functions within src/utils.ts. These functions use path.resolve() to canonicalize file paths before checking if they are within an allowed directory. The critical flaw is that path.resolve() does not resolve symbolic links to their actual physical paths.

An attacker can exploit this by creating a symbolic link inside an allowed directory that points to a sensitive file or directory outside of the allowed locations (e.g., /etc/passwd). When a file operation tool like fast_read_file (implemented by handleReadFileWithAutoChunking) is called with the path to this symbolic link, the isPathAllowed function will approve it because the link's path appears to be in a safe location. Subsequently, the path is passed to native file system functions (like fs.open or fs.stat), which follow the symbolic link and access the restricted resource.

The functions handleReadFileWithAutoChunking, handleListDirectoryWithAutoChunking, and handleSearchFilesWithAutoChunking in src/enhanced-handlers.ts are all vulnerable because they consume user-provided paths and rely on the flawed safePath function for validation, making them entry points for exploitation.

Vulnerable functions

isPathAllowed

src/utils.ts

The function uses `path.resolve()` to determine the absolute path of `targetPath`. However, `path.resolve()` does not resolve symbolic links to their physical location. An attacker can create a symbolic link within an allowed directory that points to a restricted file or directory. When `isPathAllowed` is called with the path to the symbolic link, it will incorrectly approve the path because the resolved path of the symlink itself appears to be within the allowed directory.

safePath

src/utils.ts

This function relies on the vulnerable `isPathAllowed` function to perform its security check. Because `isPathAllowed` can be bypassed using symbolic links, `safePath` will return a resolved path to a symbolic link that points to an unauthorized location. This returned path is then used in file operations, leading to path traversal.

handleReadFileWithAutoChunking

src/enhanced-handlers.ts

This function takes a user-provided file path and uses the vulnerable `safePath` function to validate it. The path returned by `safePath` is then used in `fs.stat` and `fs.open`. Since `safePath` can be bypassed with a symbolic link, this function can be tricked into reading files from outside the intended directories, leading to arbitrary file read.

handleListDirectoryWithAutoChunking

src/enhanced-handlers.ts

This function is vulnerable to path traversal because it uses the `safePath` function to validate the user-provided directory path. An attacker can provide a path to a symbolic link that points to a restricted directory, bypassing the security check and allowing them to list the contents of unauthorized directories.

handleSearchFilesWithAutoChunking

src/enhanced-handlers.ts

This function uses the vulnerable `safePath` function to validate the base search path provided by the user. By supplying a symbolic link that points to a restricted location, an attacker can cause this function to search for files in unauthorized directories, potentially exposing sensitive information.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-67364: fast-filesystem-mcp has a Path Traversal vulnerability

CVE-2025-67364:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2025-67364: fast-filesystem-mcp has a Path Traversal vulnerability

7.5

7.5

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI