CNNVD-202507-154 Information

CNNVD ID

CNNVD-202507-154

CVE-2025-53110

  • CNNVD Published: 2025-07-02

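Description (translated from Chinese)

Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Model Context Protocol Servers versions before 0.6.4 and before 2025.7.01 contain a path traversal vulnerability, which stems from prefix matching that may allow access to unintended files.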

Description (English)

Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Versions of Model Context Protocol Servers before 0.6.4 and before 2025.7.01 have a path traversal vulnerability, which stems from prefix matching that may lead to unexpected access to files.

Hazard Level

Medium

Vulnerability Type

Path traversal

Affected Vendor

Model Context Protocol

Published

2025-07-02

Last Modified

2026-02-24

References

https://github.com/modelcontextprotocol/servers/commit/cc99bdabdcad93a58877c5f3ab20e21d4394423d

https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-hc55-p739-j48w

Patch

https://github.com/modelcontextprotocol/servers/releases
