CVE-2025-68145

CVSS v4.0

6.4

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17

Description The software did not properly validate repository paths when started with the --repository flag, potentially allowing tool calls to operate on repositories outside the intended restricted path. This could allow operations on other repositories accessible to the server process. The issue is resolved by adding path validation to ensure requested paths are within the allowed repository before executing git operations.

Recommendations Upgrade to version 2025.12.17.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-68145

Affected Products

Git-Mcp-Server

CVE-2025-68145

Weakness Enumeration

Related Identifiers

Affected Products

References · 6