星球日报|Jan 21, 2026 00:22
[Multiple Security Vulnerabilities Found in Anthropic's Official Git MCP Server, Allowing File Read/Write and Potential Remote Code Execution]
Odaily Planet Daily reports that three security vulnerabilities have been discovered in Anthropic's official mcp-server-git. These vulnerabilities can be exploited through prompt injection attacks, allowing attackers to trigger the vulnerabilities via malicious README files or compromised web pages without direct access to the victim's system. The vulnerabilities include: CVE-2025-68143 (Unrestricted git_init), CVE-2025-68145 (Path Validation Bypass), and CVE-2025-68144 (Parameter Injection in git_diff). When combined with the file system MCP server, these vulnerabilities enable attackers to execute arbitrary code, delete system files, or read arbitrary file contents into the context of large language models.
Cyata pointed out that due to the lack of path validation for the repo_path parameter in mcp-server-git, attackers can create Git repositories in any directory of the system. Additionally, by configuring cleanup filters in .git/config, attackers can execute Shell commands without requiring execution permissions. Anthropic assigned CVE numbers and submitted patches for these vulnerabilities on December 17, 2025. Users are advised to update mcp-server-git to version 2025.12.18 or later. (cyata)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink