CVE-2025-68143
📋 TL;DR
The git_init tool in mcp-server-git versions before 2025.9.25 initialised a Git repository at whatever path the caller supplied, without checking that the path lay inside the repository directory the server was configured to serve. Any MCP client connected to a vulnerable server, or anything that can steer the model driving that client into calling the tool, could therefore create .git directories in any location the server process can write to, potentially exposing or manipulating data there. All users running an affected version are impacted.
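The missing check, as an added illustration (this is not mcp-server-git's code, and the project's own fix removed the tool rather than adding validation): resolve the requested path and refuse it unless it lies under an allowed root. `allowed_roots`, `resolve_within`, `git_init_checked` and the `repo_path` argument name are assumptions made for this example; `git_init_checked` also assumes a `git` binary on PATH and is not exercised by the demo.

```python
"""Added example (not mcp-server-git's code): the containment check the
unpatched git_init handler lacked.  allowed_roots stands in for the repository
directory the server is started with; the function names and the repo_path
argument are illustrative assumptions."""
import subprocess
import tempfile
from pathlib import Path


class PathNotAllowed(ValueError):
    """Requested path resolves outside every allowed root."""


def resolve_within(requested: str, allowed_roots: list) -> Path:
    """Return the canonical absolute form of `requested` if it lies under one of
    `allowed_roots`; otherwise raise PathNotAllowed.

    resolve(strict=False) collapses '..' and follows any symlinks in the parts
    that already exist, so a symlink planted inside a root that points outside
    it is caught.  is_relative_to() compares whole path components, so
    '/srv/repos-evil' is not mistaken for a child of '/srv/repos' (a plain
    str.startswith check would be fooled).
    """
    target = Path(requested).expanduser().resolve(strict=False)
    for root in allowed_roots:
        if target.is_relative_to(Path(root).expanduser().resolve(strict=False)):
            return target
    raise PathNotAllowed(f"{requested!r} resolves to {target}, outside {allowed_roots}")


def git_init_checked(repo_path: str, allowed_roots: list) -> Path:
    """Hardened shape of the tool: validate first, then create the repository.
    The vulnerable shape simply created a repo at repo_path with no check at all.
    Assumes a git binary on PATH; not called by demo()."""
    target = resolve_within(repo_path, allowed_roots)
    subprocess.run(["git", "init", "--quiet", str(target)], check=True)
    return target


def classify(allowed_roots: list, candidates: list) -> dict:
    """Map each candidate path to True (accepted) or False (rejected) without
    creating anything; handy for unit-testing the policy."""
    out = {}
    for c in candidates:
        try:
            resolve_within(c, allowed_roots)
            out[c] = True
        except PathNotAllowed:
            out[c] = False
    return out


def demo() -> dict:
    """Build a throwaway tree and exercise one legitimate path and three escape
    attempts: '..' traversal, a sibling directory sharing the root's prefix, and
    a symlink inside the root that points outside it."""
    base = Path(tempfile.mkdtemp(prefix="gitinit-demo-"))
    root, outside = base / "repos", base / "outside"
    root.mkdir()
    outside.mkdir()
    (root / "escape").symlink_to(outside)           # symlink inside root -> outside
    cases = {
        "inside":       str(root / "project"),
        "dotdot":       str(root / ".." / "outside" / "project"),
        "prefix_trick": str(base / "repos-evil" / "project"),
        "symlink":      str(root / "escape" / "project"),
    }
    verdicts = classify([str(root)], list(cases.values()))
    return {name: verdicts[path] for name, path in cases.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:13s} -> {'accepted' if ok else 'REJECTED'}")
```

The symlink case is the one a naive "normalise and compare strings" check misses: the path looks like it is under the root until it is resolved, which is why the check canonicalises before comparing.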
💻 Affected Systems
- mcp-server-git
⚠️ Manual Verification Required
The CVE record carries no affected-version range, so automated version matching cannot determine whether your system is affected.
Why? NVD's entry lists no version ranges. The fixed release (2025.9.25) comes from the vendor advisory, not the CVE record, so confirm your exposure manually using the steps below.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
The server runs with broad filesystem rights (as root, or as an account that owns application or configuration directories), and an attacker initialises repositories inside sensitive directories, corrupting or exposing the data there. Impact is bounded by the permissions of the server process, not by anything the tool itself enforces.
Likely Case
Unauthorised Git repository creation in directories the server account can already write to, exposing data kept there or breaking existing workflows (for example, an unexpected .git directory that turns a plain folder into a nested repository).
If Mitigated
Limited impact when the server runs as an unprivileged user in a container or sandbox whose only writable path is the intended repository directory; there is then nowhere unauthorised left to create a repository.
🎯 Exploit Status
Exploitation needs the ability to invoke git_init on a vulnerable server: directly, as a connected MCP client, or indirectly, by steering the model that drives the client into calling the tool. No privileges beyond those of the server process are required, and that process's filesystem permissions bound what can be created.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.9.25 or newer
Vendor Advisory: https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-5cgr-j3jf-jw3v
Restart Required: Yes
Instructions:
1. Upgrade mcp-server-git to version 2025.9.25 or newer.
2. Restart the MCP server process (and any client that spawns it over stdio, since the client starts the server).
3. Verify the git_init tool is no longer listed in the server's tools/list response.
🔧 Temporary Workarounds
Remove git_init tool
Prevent git_init from being reachable. git_init is a tool handler inside the mcp-server-git Python package, not a separate binary: deny the tool in your MCP client's per-tool allow/deny configuration if it has one, or patch the handler out of the installed package so the server no longer advertises it.
# Confirm afterwards, via the server's tools/list response, that git_init is absent
Restrict filesystem access
Run the MCP server with minimal filesystem permissions using containerization or a dedicated restricted user account.
# Run as a dedicated non-privileged user that owns only the repository directory
# In Docker, mount the repository directory read-write and everything else read-only (or not at all)
🧯 If You Can't Patch
- Disable or remove the git_init tool functionality entirely
- Implement strict access controls and run the server with minimal filesystem permissions
🔍 How to Verify
Check if Vulnerable:
Check whether the mcp-server-git version is older than 2025.9.25 and whether the running server still advertises git_init in its tools/list response.
Check Version:
Run `pip show mcp-server-git` in the environment that runs the server, or `python -c "import importlib.metadata as m; print(m.version('mcp-server-git'))"`. If you launch the server with uvx, the package lives in uv's cache rather than in your interpreter; pin the launch to a fixed release (for example `uvx mcp-server-git@2025.9.25`) instead of relying on whatever uvx last cached.
Verify Fix Applied:
Confirm the version is 2025.9.25 or newer and that git_init no longer appears in the server's tools/list response.
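Both checks above in one script, as an added example that is not part of the advisory or the project: a CalVer comparison against the fixed release, a lookup of the installed package version, and a minimal MCP stdio handshake that asks a running server for its tool list. `FIXED` comes from the advisory on this page; the launch command in `__main__` and the handshake messages are assumptions about a standard MCP stdio server, so substitute whatever command your client configuration runs.

```python
"""Added example, not from the advisory or the project: (1) compare an
installed mcp-server-git version against the fixed release named on this page,
(2) ask a running server for its tool list to confirm git_init is gone.
The launch command and handshake messages are assumptions about a standard
MCP stdio server."""
import importlib.metadata as md
import json
import re
import subprocess
from typing import Optional

FIXED = (2025, 9, 25)      # first release without the flaw (vendor advisory)


def parse_calver(version: str) -> tuple:
    """'2025.8.18' -> (2025, 8, 18).  Only leading numeric components count, so
    '2025.9.25.post1' compares equal to '2025.9.25'; a pre-release suffix such as
    'rc1' is ignored too, so treat those builds as unverified rather than fixed."""
    nums = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums[:3])


def is_vulnerable(version: str) -> bool:
    return parse_calver(version) < FIXED


def installed_version(dist: str = "mcp-server-git") -> Optional[str]:
    """Version of the package in *this* interpreter, or None if absent.  If you
    launch the server with uvx it lives in uv's cache, not here: run this with
    the interpreter uvx uses, or query the server with list_tools() instead."""
    try:
        return md.version(dist)
    except md.PackageNotFoundError:
        return None


def list_tools(cmd: list, timeout: float = 20.0) -> list:
    """Drive the MCP stdio transport (one JSON-RPC object per line) far enough to
    get a tools/list reply, then return the advertised tool names.  stdin is
    closed after the three messages, which makes a stdio server exit."""
    requests = [
        {"jsonrpc": "2.0", "id": 1, "method": "initialize",
         "params": {"protocolVersion": "2024-11-05", "capabilities": {},
                    "clientInfo": {"name": "cve-check", "version": "0"}}},
        {"jsonrpc": "2.0", "method": "notifications/initialized"},
        {"jsonrpc": "2.0", "id": 2, "method": "tools/list"},
    ]
    stdin = "".join(json.dumps(r) + "\n" for r in requests)
    proc = subprocess.run(cmd, input=stdin, capture_output=True, text=True, timeout=timeout)
    for line in proc.stdout.splitlines():
        try:
            reply = json.loads(line)
        except json.JSONDecodeError:
            continue                                   # log noise, not a message
        if reply.get("id") == 2:
            return [t["name"] for t in reply.get("result", {}).get("tools", [])]
    raise RuntimeError("no tools/list reply; stderr tail: " + proc.stderr[-400:])


def tool_exposed(cmd: list, tool: str = "git_init") -> bool:
    return tool in list_tools(cmd)


if __name__ == "__main__":
    v = installed_version()
    print("installed version:", v, "| vulnerable by version:", is_vulnerable(v) if v else "unknown")
    # Assumed launch command; use whatever your client configuration runs.
    cmd = ["uvx", "mcp-server-git", "--repository", "."]
    print("git_init advertised by server:", tool_exposed(cmd))
```

The tools/list probe is the check that matters in practice: it tests the server you actually run, whichever interpreter or cache it was installed from, and on a patched server git_init must simply be absent from the list.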
📡 Detection & Monitoring
Log Indicators:
- Any git_init call on a patched server (the tool should no longer exist), and on unpatched servers git_init calls whose repo_path lies outside the configured repository directory
- New .git directories appearing in unexpected locations, especially under system, home, or configuration paths
Network Indicators:
- MCP tools/call requests naming git_init from clients, or at times, that do not match normal use
SIEM Query:
Where the client or a proxy logs MCP traffic as JSON-RPC, filter method = "tools/call" and params.name = "git_init", then alert on any repo_path argument that does not resolve under the allowed repository root; pair this with file-integrity monitoring for newly created .git directories outside that root.
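The two detections above as runnable code, added here and not part of the advisory: a filter over MCP tools/call messages that flags git_init calls escaping the allowed root, and a filesystem sweep for freshly created .git directories outside it. The JSON-RPC lines are constructed samples in the shape an MCP client or proxy would log; the `repo_path` argument name and `ALLOWED_ROOTS` are assumptions about the deployment.

```python
"""Added example, not from the advisory: the log and filesystem detections the
indicators above describe, run over constructed data.  The JSON-RPC lines mimic
MCP tools/call requests as a client or proxy might log them; the repo_path
argument name and ALLOWED_ROOTS are assumptions about the deployment."""
import json
import os
import tempfile
import time
from pathlib import Path

ALLOWED_ROOTS = ["/srv/repos"]          # assumption: the only place repos may be created

# Constructed sample log: one JSON-RPC message per line, plus a non-JSON line.
SAMPLE_LOG = """\
{"jsonrpc":"2.0","id":7,"method":"tools/call","params":{"name":"git_status","arguments":{"repo_path":"/srv/repos/app"}}}
{"jsonrpc":"2.0","id":8,"method":"tools/call","params":{"name":"git_init","arguments":{"repo_path":"/srv/repos/new-service"}}}
{"jsonrpc":"2.0","id":9,"method":"tools/call","params":{"name":"git_init","arguments":{"repo_path":"/srv/repos/../../etc/cron.d"}}}
{"jsonrpc":"2.0","id":10,"method":"tools/call","params":{"name":"git_init","arguments":{"repo_path":"/home/svc/.ssh"}}}
2025-10-01T12:00:00Z server started (not JSON, skipped)
"""


def is_within(path: str, roots) -> bool:
    target = Path(path).resolve(strict=False)          # collapses '..' and symlinks
    return any(target.is_relative_to(Path(r).resolve(strict=False)) for r in roots)


def audit_git_init(log_text: str, roots=ALLOWED_ROOTS) -> list:
    """Return every git_init call seen, flagging those whose repo_path resolves
    outside the allowed roots.  On a patched server the tool no longer exists,
    so any hit deserves a look; outside_root hits are the alert condition."""
    hits = []
    for line in log_text.splitlines():
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue
        if msg.get("method") != "tools/call":
            continue
        params = msg.get("params") or {}
        if params.get("name") != "git_init":
            continue
        repo_path = (params.get("arguments") or {}).get("repo_path", "")
        hits.append({
            "id": msg.get("id"),
            "repo_path": repo_path,
            "outside_root": not is_within(repo_path, roots),
        })
    return hits


def recent_git_dirs(scan_root: str, roots=ALLOWED_ROOTS, max_age_s: float = 86400) -> list:
    """Walk scan_root and return repository directories whose .git was modified
    within max_age_s and that are not under an allowed root."""
    now = time.time()
    found = []
    for dirpath, dirnames, _ in os.walk(scan_root):
        if ".git" in dirnames:
            git_dir = os.path.join(dirpath, ".git")
            if now - os.stat(git_dir).st_mtime <= max_age_s and not is_within(dirpath, roots):
                found.append(dirpath)
            dirnames.remove(".git")                     # don't descend into object stores
    return found


def demo_sweep() -> list:
    """Create a fresh repo-shaped tree outside ALLOWED_ROOTS and confirm the sweep
    reports it (and ignores a directory without .git)."""
    base = tempfile.mkdtemp(prefix="gitsweep-demo-")
    os.makedirs(os.path.join(base, "victim", ".git", "objects"))
    os.makedirs(os.path.join(base, "clean", "src"))    # no .git here
    return [os.path.basename(p) for p in recent_git_dirs(base)]


if __name__ == "__main__":
    for hit in audit_git_init(SAMPLE_LOG):
        print("ALERT" if hit["outside_root"] else "info ", hit)
    print("new repos outside allowed roots:", demo_sweep())
```

The log filter resolves the path before comparing, so the `..` traversal on id 9 is caught even though its string starts with the allowed root; the sweep uses the mtime of the .git directory itself, which `git init` writes when it creates the repository.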