← back
CVE-2025-66689

CVE-2025-66689

CVSS 6.5 MEDIUMEPSS 0.5%CWE-22CWE-552
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the is_dangerous_path() validation function that uses exact string matching against a blacklist of system directories. Attackers can bypass these restrictions by accessing subdirectories of blacklisted paths.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/BeehiveInnovations/zen-mcp-server/issues/293https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-66689.md