CVE-2025-68143

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.9.25 mcp-server-git versions prior to 2025.12.18

Description The Model Context Protocol Servers, specifically the mcp-server-git component, contains a flaw in the

git init

tool. Prior to version 2025.9.25, this tool permitted the creation of Git repositories at arbitrary filesystem locations without proper validation. This allowed operation on any directory accessible to the server process, potentially enabling subsequent git operations on those directories. The tool has been removed in later versions as the server is intended to operate on existing repositories only. Exploitation of this issue, in conjunction with the Filesystem MCP server, could lead to unauthorized file access and potential remote code execution. The issue can be triggered through prompt injection via malicious content such as README files or issues.

Recommendations mcp-server-git versions prior to 2025.9.25: Upgrade to version 2025.9.25 or newer. mcp-server-git versions prior to 2025.12.18: Upgrade to version 2025.12.18 or newer.