Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation
Summary
Anthropic's filesystem MCP server (a tool that lets AI assistants like Claude access your computer's files) had a path validation vulnerability where it only checked if a file path started with an allowed directory name, rather than confirming it was actually in that directory. This meant if you allowed access to /mnt/finance/data, the AI could also access sibling files like /mnt/finance/data-archived because the path string starts the same way.
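The flawed prefix check described above, next to a separator-aware containment check, as an added example that is not the MCP server's own code. The function names and sample paths are constructed for illustration, POSIX-style absolute paths are assumed, and the comparison is lexical only (symlinks are not resolved).

```javascript
// Added example, not the filesystem MCP server's code.
// Lexically normalize an absolute POSIX path: collapse "//", "." and "..".
function normalizeAbs(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Flawed check: only asks whether the path string starts with an allowed directory.
function allowedByPrefix(requested, allowedDirs) {
  const p = normalizeAbs(requested);
  return allowedDirs.some((dir) => p.startsWith(normalizeAbs(dir)));
}

// Hardened check: the path must equal the allowed directory or sit below it,
// with the path separator acting as the boundary.
function allowedByContainment(requested, allowedDirs) {
  const p = normalizeAbs(requested);
  return allowedDirs.some((dir) => {
    const root = normalizeAbs(dir);
    const boundary = root === "/" ? "/" : root + "/";
    return p === root || p.startsWith(boundary);
  });
}

// Constructed sample paths built around the directory named in the summary.
const ALLOWED = ["/mnt/finance/data"];
const SAMPLES = [
  "/mnt/finance/data/q1.csv",
  "/mnt/finance/data",
  "/mnt/finance/data-archived/q1.csv",
  "/mnt/finance/data/../data-archived/q1.csv",
  "/mnt/finance/database.sqlite",
];

// Run both checks over every sample so the disagreement is visible side by side.
function compare() {
  return SAMPLES.map((p) => ({
    path: p,
    prefix: allowedByPrefix(p, ALLOWED),
    contained: allowedByContainment(p, ALLOWED),
  }));
}

console.table(compare());
```

Rows where the two columns disagree are the sibling paths the prefix check lets through.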
Solution / Mitigation
Anthropic rewrote the filesystem server to support the roots feature of MCP, and this updated release fixed the vulnerability. The vulnerability is tracked as CVE-2025-53109.
Original source: https://embracethered.com/blog/posts/2025/anthropic-filesystem-mcp-server-bypass/
First tracked: February 12, 2026 at 02:20 PM