CVE-2025-68145
📋 TL;DR
This vulnerability allows a caller of an mcp-server-git instance configured with the --repository flag to bypass the path restriction and perform git operations on unauthorized repositories accessible to the server process. It affects all users running mcp-server-git versions before 2025.12.17 with repository path restrictions enabled. The issue stems from improper path validation when processing tool calls.
💻 Affected Systems
- mcp-server-git
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read, modify, or delete source code in any repository accessible to the server process, potentially exposing sensitive intellectual property or credentials stored in git repositories.
Likely Case
Unauthorized access to other repositories within the same filesystem, allowing information disclosure or modification of source code in adjacent projects.
If Mitigated
With proper network segmentation and minimal permissions, impact would be limited to repositories already accessible to the service account.
🎯 Exploit Status
Exploitation requires the ability to make tool calls to the mcp-server-git instance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.12.17
Vendor Advisory: https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-j22h-9j4x-23w5
Restart Required: Yes
Instructions:
1. Stop the mcp-server-git service.
2. Upgrade to version 2025.12.17 or later using your package manager or by downloading from GitHub.
3. Restart the service.
🔧 Temporary Workarounds
Run without repository restrictions
Remove the --repository flag to avoid the vulnerable configuration, but note that this eliminates the intended security controls.
Use container isolation
Run mcp-server-git in a container with only the intended repository mounted.
🧯 If You Can't Patch
- Run mcp-server-git with minimal filesystem permissions using chroot or containerization
- Monitor for unexpected git operations outside the intended repository path
🔍 How to Verify
Check if Vulnerable:
Check whether the running mcp-server-git version is earlier than 2025.12.17 and the --repository flag is in use.
Check Version:
mcp-server-git --version
Verify Fix Applied:
Verify that the version is 2025.12.17 or later, and test that path validation rejects operations on paths outside the configured repository.
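As an added illustration of what that path-validation test should cover (example code written for this page, not mcp-server-git's own implementation; the directory layout is constructed in a temporary folder), the following compares a naive string-prefix check against a containment check that resolves symlinks and `..` before comparing:

```python
import tempfile
from pathlib import Path


def naive_prefix_check(requested: str, root: str) -> bool:
    # Weak check: raw string prefix, no normalisation (shown only to illustrate the failure mode).
    return requested.startswith(root)


def is_within_root(requested: str, root: str) -> bool:
    # Resolve symlinks and '..' on both sides, then require containment by whole path components.
    root_real = Path(root).resolve()
    target_real = Path(requested).resolve()
    try:
        target_real.relative_to(root_real)
    except ValueError:
        return False
    return True


def build_sandbox() -> dict:
    # Constructed layout: <tmp>/allowed is the --repository root; <tmp>/other must stay off-limits;
    # <tmp>/allowed-evil shares the string prefix "allowed"; allowed/link is a symlink to ../other.
    base = Path(tempfile.mkdtemp(prefix="mcp-git-demo-"))
    (base / "allowed").mkdir()
    (base / "other").mkdir()
    (base / "allowed-evil").mkdir()
    link = base / "allowed" / "link"
    try:
        link.symlink_to(base / "other", target_is_directory=True)
    except (OSError, NotImplementedError):
        link = None  # platform does not allow symlinks; skip that case
    return {"base": base, "root": base / "allowed", "link": link}


def evaluate(sb: dict) -> dict:
    # For each requested path, return (naive_result, resolved_result).
    root = str(sb["root"])
    cases = {
        "inside": str(sb["root"] / "src"),
        "dotdot": str(sb["root"] / ".." / "other"),
        "prefix_sibling": str(sb["base"] / "allowed-evil"),
    }
    if sb["link"] is not None:
        cases["symlink"] = str(sb["link"] / "secrets")
    return {name: (naive_prefix_check(p, root), is_within_root(p, root)) for name, p in cases.items()}


if __name__ == "__main__":
    for name, (weak, strong) in evaluate(build_sandbox()).items():
        print(f"{name:15} naive={weak!s:5} resolved={strong}")
```

Only the `inside` case should be accepted by both checks; the `..`, prefix-sibling and symlink cases pass the naive check but are rejected once paths are resolved.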
📡 Detection & Monitoring
Log Indicators:
- Git operations on paths outside the configured --repository directory
- Failed path validation attempts in server logs
Network Indicators:
- Unusual git operation patterns from mcp-server-git instances
SIEM Query:
source="mcp-server-git" AND (operation="git" AND NOT path STARTSWITH "/configured/repository/path")