PT-2025-51936 · Unknown · Git-Mcp-Server

Yardenporat · Published 2025-12-17 · Updated 2026-02-25 · CVE-2025-68143

CVSS v4.0: 6.5
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: mcp-server-git versions prior to 2025.9.25; mcp-server-git versions prior to 2025.12.18

Description: The Model Context Protocol Servers project, specifically its mcp-server-git component, contains a flaw in the "git init" tool. Prior to version 2025.9.25, this tool permitted the creation of Git repositories at arbitrary filesystem locations without proper validation. This allowed it to operate on any directory accessible to the server process, potentially enabling subsequent git operations on those directories. The tool has been removed in later versions because the server is intended to operate on existing repositories only. Exploitation of this issue, in conjunction with the Filesystem MCP server, could lead to unauthorized file access and potential remote code execution. The issue can be triggered through prompt injection via malicious content such as README files or issues.

Recommendations: mcp-server-git versions prior to 2025.9.25: upgrade to version 2025.9.25 or newer. mcp-server-git versions prior to 2025.12.18: upgrade to version 2025.12.18 or newer.
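The project's fix was to remove the tool; as an added illustration of the validation that was missing (example code written for this page, not mcp-server-git's own), the following Python canonicalises a caller-supplied repository path, confines it to an assumed configured root, and accepts only directories that are already Git repositories:

```python
import tempfile
from pathlib import Path

# Added illustration, not mcp-server-git's code. Confinement to an allowed root
# and the "existing repositories only" policy are assumptions of this example.

class RepoPathError(ValueError):
    """Raised when a requested repository path fails validation."""

def resolve_repo_path(requested: str, allowed_root: Path,
                      require_existing_repo: bool = True) -> Path:
    """Canonicalise `requested` and accept it only if it stays inside `allowed_root`.

    Symlinks and '..' are resolved before the containment test, so neither
    'project/../../etc' nor a symlink pointing outside the root can escape.
    With require_existing_repo the target must already hold a .git directory.
    """
    root = allowed_root.resolve(strict=True)
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate
    resolved = candidate.resolve(strict=False)  # canonical even if it does not exist
    try:
        resolved.relative_to(root)
    except ValueError:
        raise RepoPathError(f"path escapes allowed root: {requested!r}") from None
    if require_existing_repo and not (resolved / ".git").is_dir():
        raise RepoPathError(f"not an existing git repository: {requested!r}")
    return resolved

def demo() -> dict:
    """Run the check over a constructed sample tree; returns the outcome per case."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "workspace"
        (root / "project" / ".git").mkdir(parents=True)    # an existing repository
        (root / "scratch").mkdir()                          # plain directory, no .git
        (Path(tmp) / "outside").mkdir()                     # directory outside the root
        (root / "link").symlink_to(Path(tmp) / "outside")  # symlink escape attempt
        cases = [("existing_repo", "project"), ("plain_dir", "scratch"),
                 ("dotdot_escape", "project/../../outside"),
                 ("symlink_escape", "link"), ("absolute_outside", "/etc")]
        results = {}
        for label, requested in cases:
            try:
                resolve_repo_path(requested, root)
                results[label] = "allowed"
            except RepoPathError:
                results[label] = "rejected"
        return results
```

Only the pre-existing repository inside the root is accepted; the plain directory, the '..' traversal, the symlink and the absolute path are all rejected before any git operation runs.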

Tags: Exploit · Fix · RCE · Path traversal


Related Identifiers: CVE-2025-68143, GHSA-5CGR-J3JF-JW3V

Affected Products: Git-Mcp-Server