CVE-2025-67364 Overview
CVE-2025-67364 is a path traversal vulnerability affecting fast-filesystem-mcp version 3.4.0. The vulnerability exists in file operation tools including fast_read_file and stems from improper path validation that fails to properly resolve symbolic links to their actual physical paths. This security flaw allows attackers to bypass directory access restrictions and gain unauthorized access to sensitive files on the system.
Critical Impact
Attackers can bypass directory access controls by exploiting symlink resolution weaknesses, potentially accessing sensitive system files, configuration data, and credentials outside allowed directories.
Affected Products
- fast-filesystem-mcp version 3.4.0
Discovery Timeline
- 2026-01-07 - CVE CVE-2025-67364 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2025-67364
Vulnerability Analysis
This path traversal vulnerability (CWE-24) exists in the path validation logic of fast-filesystem-mcp. The core issue lies in how the safePath and isPathAllowed functions handle path resolution. These functions rely on path.resolve() to normalize and validate file paths before granting access, but this approach fails to account for symbolic links.
When a symbolic link is created within an allowed directory that points to a restricted system path, the validation functions only verify that the symlink's location is within the permitted directory tree. They do not follow the symlink to verify that the actual target file or directory is also within allowed boundaries. This creates a security gap where the path validation is performed on the link itself rather than on the final resolved destination.
The attack is network-accessible without requiring authentication or user interaction, and successful exploitation results in unauthorized file disclosure from restricted paths.
Root Cause
The root cause is the use of path.resolve() for path validation without subsequently calling fs.realpathSync() or equivalent to resolve symbolic links to their actual physical paths. The path.resolve() function only performs string-based path normalization (removing . and .. segments, converting to absolute paths) but does not interact with the filesystem to follow symlinks. This means a validated path like /allowed/dir/link may actually point to /etc/passwd or other sensitive locations.
Attack Vector
An attacker with the ability to create files or symbolic links within an allowed directory can exploit this vulnerability by:
- Creating a symbolic link inside an allowed directory that points to a restricted system path (e.g., /etc/passwd, /etc/shadow, or application configuration files)
- Using the fast_read_file tool or similar file operation functions to access the symlink through its allowed path
- The path validation passes because the symlink's location is within the allowed directory
- The file system then follows the symlink and returns the content of the restricted file
The vulnerability can be exploited remotely over the network and requires no privileges or user interaction, making it particularly dangerous in exposed deployments.
The vulnerable pattern in the safePath and isPathAllowed functions fails to use fs.realpathSync() after path.resolve(), which would properly resolve symbolic links and reveal when a path ultimately targets a location outside allowed directories. Technical details and discussion are available in GitHub Issue #10.
Detection Methods for CVE-2025-67364
Indicators of Compromise
- Unexpected symbolic links appearing in allowed directories, especially those pointing to sensitive system paths like /etc/, /root/, or application configuration directories
- Access logs showing file read operations returning content from paths outside the configured allowed directories
- Unusual file access patterns where legitimate-looking paths return sensitive system data
Detection Strategies
- Implement file integrity monitoring to detect creation of new symbolic links in allowed directories
- Audit file system operations to identify when accessed file paths differ from their resolved real paths
- Monitor for access attempts to sensitive files like /etc/passwd, /etc/shadow, or credential files that originate from allowed directory contexts
Monitoring Recommendations
- Enable detailed logging for all file operations performed through fast-filesystem-mcp tools
- Implement alerts for symlink creation events within allowed directories
- Regularly scan allowed directories for symbolic links and verify they point to legitimate, permitted locations
How to Mitigate CVE-2025-67364
Immediate Actions Required
- Audit all allowed directories for existing symbolic links that may point to sensitive or restricted paths
- Remove or remediate any suspicious symbolic links found in allowed directories
- Consider restricting the ability to create symbolic links within directories exposed to fast-filesystem-mcp
- Monitor the project repository for security patches
Patch Information
As of the last NVD update on 2026-01-08, patch information is not available. Users should monitor the fast-filesystem-mcp GitHub repository and Issue #10 for updates regarding a security fix.
Workarounds
- Disable or restrict file operations through fast-filesystem-mcp until a patch is available
- Implement additional access controls at the operating system level to prevent symlink creation in allowed directories
- Use bind mounts or containers to isolate allowed directories from sensitive system paths
- Apply file system restrictions such as nosymfollow mount options where supported
# Example: Restrict symlink creation in allowed directory
chmod -h o-w /path/to/allowed/directory
# Example: Mount with nosymfollow option (Linux kernel 5.10+)
mount -o remount,nosymfollow /path/to/allowed/directory
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
