exploitDog

CVE-2025-66689

Published: 12 Jan 2026
Source: nvd
CVSS3: 6.5
EPSS: Low

Description

A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the is_dangerous_path() validation function that uses exact string matching against a blacklist of system directories. Attackers can bypass these restrictions by accessing subdirectories of blacklisted paths.
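To make the flaw in the description concrete, here is an added example (not Zen MCP Server's own code; the blocked directories and sample paths are constructed): a reconstruction of an exact-match blacklist check beside a containment-based check that normalises the path before comparing.

```python
import posixpath

# Constructed blacklist for the example; the page does not list the real
# system directories the server blocks.
BLOCKED_DIRS = ("/etc", "/proc", "/sys", "/root")

def is_dangerous_path_exact(path: str) -> bool:
    """Hypothetical reconstruction of the flawed pattern the advisory describes:
    exact string comparison against a blacklist of directories. Only the
    directory itself matches; any file or subdirectory under it passes."""
    return path in BLOCKED_DIRS

def is_dangerous_path_contained(path: str) -> bool:
    """Hardened check: normalise the path, then test directory containment."""
    # Fail closed: a relative path cannot be compared against absolute roots.
    if not path.startswith("/"):
        return True
    # Collapse "." and ".." segments and duplicate slashes before comparing.
    # On a live filesystem also resolve symlinks (os.path.realpath) first.
    norm = posixpath.normpath(path)
    # posixpath.normpath keeps a leading "//" by design; collapse it explicitly.
    norm = "/" + norm.lstrip("/")
    for blocked in BLOCKED_DIRS:
        # Exact match or "blocked/..." prefix; "/etcetera" must not match "/etc".
        if norm == blocked or norm.startswith(blocked + "/"):
            return True
    return False

def compare(paths):
    """Return {path: (exact_result, contained_result)} for the given inputs."""
    return {p: (is_dangerous_path_exact(p), is_dangerous_path_contained(p)) for p in paths}

# Constructed sample inputs covering the cases a reviewer would test.
SAMPLE_PATHS = [
    "/etc",                      # listed directory itself: both checks block
    "/etc/hosts",                # child of a listed directory: exact match misses it
    "/var/tmp/../../etc/hosts",  # traversal via "..": only normalisation catches it
    "//etc/hosts",               # doubled leading slash: normpath alone keeps it
    "/etcetera/notes.txt",       # sibling with a shared prefix: must stay allowed
    "relative/file.txt",         # relative input: hardened check fails closed
    "/home/user/readme.md",      # ordinary allowed file
]

if __name__ == "__main__":
    for p, (exact, contained) in compare(SAMPLE_PATHS).items():
        print(f"{p:28} exact={exact!s:5} contained={contained}")
```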

Vulnerable configurations

Configuration 1
cpe:2.3:a:busymac:pal_mcp_server:*:*:*:*:*:*:*:*
Version before 9.8.2 (excluding)

EPSS

Percentile: 9%
0.00033
Low

6.5 Medium

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 6.5
github
26 days ago
