Key Vulnerability Information

CVE ID: CVE-2025-66689

Summary: A path traversal vulnerability in Pal MCP Server's file reading functionality allows users to read arbitrary files on the system in versions < 9.8.2.

Vulnerable Code Location:
File: utils/security_config.py - only checks exact string matches and does not block subdirectories.
File: utils/file_utils.py - The function calls but only does an exact match, making the validation insufficient.

Root Cause:
1. Exact string matching: the check for blocks access to but not .
2. Blacklist approach: cannot anticipate all dangerous paths.
3. No subdirectory check: missing logic to verify whether a path is under a dangerous directory.

Attack Flow:
1. User input (chat tool) → SimpleTool.execute() → prepare_prompt() → read_files() → read_file_content()
2. calls which is bypassed.
3. results in arbitrary file read.

PoC: Successfully read the hosts file ( ) by bypassing the blacklist check.

Who is Impacted: All Pal MCP Server users running versions prior to 9.8.2 with tools that accept file path inputs enabled.

Patch Information: Fixed in version 9.8.2 of Pal MCP Server. Upgrade recommended.

References:
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/552.html

Reported by: Team off-course (K-Shield Jr 15th)
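To make the three root causes concrete, the following added example (hypothetical code, not Pal MCP Server's own) places an exact-match blacklist check beside a hardened check that resolves the path first and then tests directory containment against an allow-list of roots; the directory names in DANGEROUS_PATHS and ALLOWED_ROOTS are constructed for the demonstration.

```python
"""Exact-match blacklist (the weak pattern) next to a resolve-then-contain check.
Hypothetical illustration; function and list names are not from Pal MCP Server."""
from pathlib import Path

# Constructed example lists; the real server's configuration is not on the page.
DANGEROUS_PATHS = {"/etc", "/root", "/proc"}
ALLOWED_ROOTS = [Path("/srv/pal/workspace")]


def is_blocked_exact_match(user_path: str) -> bool:
    """Weak check: blocks "/etc" itself but not "/etc/hosts" or "../../etc/hosts"."""
    return user_path in DANGEROUS_PATHS


def _contains(parent: Path, child: Path) -> bool:
    """True when `child` is `parent` or lies beneath it (both already resolved)."""
    try:
        child.relative_to(parent)
        return True
    except ValueError:
        return False


def resolve_and_validate(user_path: str) -> Path:
    """Hardened check: collapse '..' and symlinks first, then require the result to
    sit inside an allow-listed root and outside every dangerous directory."""
    resolved = Path(user_path).resolve()
    for bad in DANGEROUS_PATHS:
        if _contains(Path(bad).resolve(), resolved):
            raise PermissionError(f"{user_path!r} resolves into {bad}")
    if not any(_contains(root.resolve(), resolved) for root in ALLOWED_ROOTS):
        raise PermissionError(f"{user_path!r} is outside the allowed roots")
    return resolved


def check(user_path: str) -> dict:
    """Run both checks on one input so the difference is visible."""
    try:
        resolve_and_validate(user_path)
        hardened_allows = True
    except PermissionError:
        hardened_allows = False
    return {"blacklist_blocks": is_blocked_exact_match(user_path),
            "hardened_allows": hardened_allows}


if __name__ == "__main__":
    for p in ("/etc", "/etc/hosts", "/srv/pal/workspace/../../../etc/hosts",
              "/srv/pal/workspace/notes.txt"):
        print(p, check(p))
```

The traversal input is caught only by the resolve-then-contain check; the exact-match blacklist never sees it because the string differs from every blacklisted entry.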