{"data":{"id":"a9394c4f-cf1f-4a2a-9273-6c7d5c19a6e7","title":"Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation","summary":"Anthropic's filesystem MCP server (a tool that lets AI assistants like Claude access your computer's files) had a path validation vulnerability where it only checked if a file path started with an allowed directory name, rather than confirming it was actually in that directory. This meant if you allowed access to /mnt/finance/data, the AI could also access sibling files like /mnt/finance/data-archived because the path string starts the same way.","solution":"Anthropic rewrote the filesystem server to support the roots feature of MCP, and this updated release fixed the vulnerability. The vulnerability is tracked as CVE-2025-53109.","labels":["security"],"sourceUrl":"https://embracethered.com/blog/posts/2025/anthropic-filesystem-mcp-server-bypass/","publishedAt":"2025-08-03T08:30:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Desktop","Filesystem MCP Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}