{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11489", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-08T10:41:17.305Z", "datePublished": "2025-10-08T18:02:11.266Z", "dateUpdated": "2025-10-08T18:31:28.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-08T18:02:11.266Z"}, "title": "wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-61", "lang": "en", "description": "Symlink Following"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-59", "lang": "en", "description": "Link Following"}]}], "affected": [{"vendor": "wonderwhy-er", "product": "DesktopCommanderMCP", "versions": [{"version": "0.2.0", "status": "affected"}, {"version": "0.2.1", "status": "affected"}, {"version": "0.2.2", "status": "affected"}, {"version": "0.2.3", "status": "affected"}, {"version": "0.2.4", "status": "affected"}, {"version": "0.2.5", "status": "affected"}, {"version": "0.2.6", "status": "affected"}, {"version": "0.2.7", "status": "affected"}, {"version": "0.2.8", "status": "affected"}, {"version": "0.2.9", "status": "affected"}, {"version": "0.2.10", "status": "affected"}, {"version": "0.2.11", "status": "affected"}, {"version": "0.2.12", "status": "affected"}, {"version": "0.2.13", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The vendor explains: \"Our restriction features are designed as guardrails for LLMs to help them stay closer to what users want, rather than hardened security boundaries. (...) For users where security is a top priority, we continue to recommend using Desktop Commander with Docker, which provides actual isolation. (...) We'll keep this issue open for future consideration if we receive more user demand for improved restrictions.\" This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "In wonderwhy-er DesktopCommanderMCP up to 0.2.13 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion isPathAllowed der Datei src/tools/filesystem.ts. Mittels Manipulieren mit unbekannten Daten kann eine symlink following-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.5, "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2025-10-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-08T12:46:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "crem (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.327606", "name": "VDB-327606 | wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.327606", "name": "VDB-327606 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.668004", "name": "Submit #668004 | wonderwhy-er DesktopCommanderMCP 0.2.13 wonderwhy-er", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219", "tags": ["issue-tracking"]}, {"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219#issuecomment-3214114903", "tags": ["issue-tracking"]}, {"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219#issue-3343862329", "tags": ["exploit", "issue-tracking"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-08T18:30:58.825762Z", "id": "CVE-2025-11489", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-08T18:31:28.150Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11489", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-08T18:30:58.825762Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-08T18:31:06.053Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink", "credits": [{"lang": "en", "type": "reporter", "value": "crem (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.5, "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"vendor": "wonderwhy-er", "product": "DesktopCommanderMCP", "versions": [{"status": "affected", "version": "0.2.0"}, {"status": "affected", "version": "0.2.1"}, {"status": "affected", "version": "0.2.2"}, {"status": "affected", "version": "0.2.3"}, {"status": "affected", "version": "0.2.4"}, {"status": "affected", "version": "0.2.5"}, {"status": "affected", "version": "0.2.6"}, {"status": "affected", "version": "0.2.7"}, {"status": "affected", "version": "0.2.8"}, {"status": "affected", "version": "0.2.9"}, {"status": "affected", "version": "0.2.10"}, {"status": "affected", "version": "0.2.11"}, {"status": "affected", "version": "0.2.12"}, {"status": "affected", "version": "0.2.13"}]}], "timeline": [{"lang": "en", "time": "2025-10-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-08T12:46:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.327606", "name": "VDB-327606 | wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.327606", "name": "VDB-327606 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.668004", "name": "Submit #668004 | wonderwhy-er DesktopCommanderMCP 0.2.13 wonderwhy-er", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219", "tags": ["issue-tracking"]}, {"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219#issuecomment-3214114903", "tags": ["issue-tracking"]}, {"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219#issue-3343862329", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The vendor explains: \"Our restriction features are designed as guardrails for LLMs to help them stay closer to what users want, rather than hardened security boundaries. (...) For users where security is a top priority, we continue to recommend using Desktop Commander with Docker, which provides actual isolation. (...) We'll keep this issue open for future consideration if we receive more user demand for improved restrictions.\" This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "In wonderwhy-er DesktopCommanderMCP up to 0.2.13 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion isPathAllowed der Datei src/tools/filesystem.ts. Mittels Manipulieren mit unbekannten Daten kann eine symlink following-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "Symlink Following"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "Link Following"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-08T18:02:11.266Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11489", "state": "PUBLISHED", "dateUpdated": "2025-10-08T18:31:28.150Z", "dateReserved": "2025-10-08T10:41:17.305Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-08T18:02:11.266Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The vendor explains: \"Our restriction features are designed as guardrails for LLMs to help them stay closer to what users want, rather than hardened security boundaries. (...) For users where security is a top priority, we continue to recommend using Desktop Commander with Docker, which provides actual isolation. (...) We'll keep this issue open for future consideration if we receive more user demand for improved restrictions.\" This vulnerability only affects products that are no longer supported by the maintainer."}], "id": "CVE-2025-11489", "lastModified": "2025-10-08T19:38:09.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-08T18:15:34.263", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219"}, {"source": "cna@vuldb.com", "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219#issue-3343862329"}, {"source": "cna@vuldb.com", "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219#issuecomment-3214114903"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.327606"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.327606"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.668004"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "CWE-61"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}