VYPR
High severity · CVSS 8.8 · NVD Advisory · Published Dec 17, 2025 · Updated Apr 14, 2026

CVE-2025-68143

Description

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted an arbitrary filesystem path and created a Git repository there without validating the target location; because it called git.Repo.init(path=repo_path, mkdir=True), a missing target directory was created as well. Every other tool required an existing repository, whereas git_init could operate on any directory the server process could write to, and once initialised that directory became a valid target for the other git tools. The tool was removed entirely, as the server is intended to operate on existing repositories only. Upgrade to 2025.9.25 or newer to remediate this issue.
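The check the vulnerable tool was missing, as an added example written for this page and not code from mcp-server-git: a tool that takes a client-supplied repo_path resolves it (following symlinks), refuses anything outside an allow-listed root, and refuses anything that is not already a repository. The allowed_root parameter is an assumption for illustration; the actual fix removed git_init and relies on git.Repo() to reject non-repositories, and the page shows no such root. The directory layout is constructed in a temporary directory so the example runs offline without git or GitPython installed.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class RepoPathRejected(ValueError):
    """A client-supplied repo_path failed one of the confinement checks."""

    def __init__(self, requested: str, reason: str) -> None:
        super().__init__(f"{requested}: {reason}")
        self.reason = reason


def is_existing_repo(path: Path) -> bool:
    """Non-bare working tree: a .git directory that contains a HEAD file.
    Assumption for this example: bare repositories are out of scope."""
    gitdir = path / ".git"
    return gitdir.is_dir() and (gitdir / "HEAD").is_file()


def confine_repo_path(requested: str, allowed_root: str | os.PathLike[str]) -> Path:
    """Accept repo_path only if it exists, stays under allowed_root after
    symlinks are resolved, and is already a repository. Returns the canonical
    path so later git calls operate on what was checked, not on the raw string.
    allowed_root is an assumed deployment setting, not an upstream option."""
    root = Path(allowed_root).resolve(strict=True)
    raw = Path(requested)
    candidate = raw if raw.is_absolute() else root / raw
    try:
        target = candidate.resolve(strict=True)  # follows symlinks, fails if missing
    except (OSError, RuntimeError):  # RuntimeError: symlink loop on older Pythons
        raise RepoPathRejected(requested, "missing") from None
    if not target.is_relative_to(root):
        raise RepoPathRejected(requested, "escape")
    if not is_existing_repo(target):
        raise RepoPathRejected(requested, "not-a-repo")
    return target


def classify(requested: str, allowed_root: str | os.PathLike[str]) -> str:
    """'ok' when the path is accepted, otherwise the rejection reason."""
    try:
        confine_repo_path(requested, allowed_root)
        return "ok"
    except RepoPathRejected as exc:
        return exc.reason


def demo() -> dict[str, str]:
    """Constructed layout (sample data, not from any real deployment):
        root/proj/.git/HEAD      a checkout the server may operate on
        root/notes/              plain directory; the old git_init would have
                                 initialised a repository here
        root/escape -> outside/  symlink leaving the served tree
        outside/                 sibling directory that must stay untouched"""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        outside = Path(tmp) / "outside"
        (root / "proj" / ".git").mkdir(parents=True)
        (root / "proj" / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
        (root / "notes").mkdir()
        outside.mkdir()
        try:
            os.symlink(outside, root / "escape", target_is_directory=True)
        except OSError:
            pass  # no symlink support: that request is then rejected as missing
        requests = {
            "checkout": "proj",
            "plain-dir": "notes",
            "symlink-out": "escape",
            "dotdot-out": "../outside",
            "absolute-out": str(outside),
            "nonexistent": "does-not-exist",
        }
        return {label: classify(req, root) for label, req in requests.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:13} {verdict}")
```

demo() returns a dict mapping each constructed request to "ok" or the rejection reason: only the real checkout under root passes, the plain directory that the old git_init would have turned into a repository is rejected as not-a-repo, and the symlink, the ../ traversal and the absolute path are all rejected as escapes after resolution.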

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Ecosystem   Affected versions   Patched versions
mcp-server-git   PyPI        < 2025.9.25         2025.9.25

Patches

Commit eac56e7bcde4

refactor: remove redundant initialization functionality

1 file changed · +5 −23
  • src/git/src/mcp_server_git/server.py · +5 −23 · modified
    @@ -70,8 +70,7 @@ class GitShow(BaseModel):
         repo_path: str
         revision: str
     
    -class GitInit(BaseModel):
    -    repo_path: str
    +
     
     class GitBranch(BaseModel):
         repo_path: str = Field(
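Review bot: the `+` line that replaces the GitInit model is empty, so the result has three consecutive blank lines between GitShow and GitBranch where the file otherwise keeps two; drop the empty `+` line rather than replacing the class with whitespace.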
    @@ -104,7 +103,7 @@ class GitTools(str, Enum):
         CREATE_BRANCH = "git_create_branch"
         CHECKOUT = "git_checkout"
         SHOW = "git_show"
    -    INIT = "git_init"
    +
         BRANCH = "git_branch"
     
     def git_status(repo: git.Repo) -> str:
    @@ -183,12 +182,7 @@ def git_checkout(repo: git.Repo, branch_name: str) -> str:
         repo.git.checkout(branch_name)
         return f"Switched to branch '{branch_name}'"
     
    -def git_init(repo_path: str) -> str:
    -    try:
    -        repo = git.Repo.init(path=repo_path, mkdir=True)
    -        return f"Initialized empty Git repository in {repo.git_dir}"
    -    except Exception as e:
    -        return f"Error initializing repository: {str(e)}"
    +
     
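Review bot: removing git_init rather than patching it is the right call: `git.Repo.init(path=repo_path, mkdir=True)` both created a missing directory and initialised a repository at any path the process could write to, with no check on repo_path at all. The empty `+` line leaves three blank lines between git_checkout and git_show; remove it so the module keeps two blank lines between top-level functions.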
     def git_show(repo: git.Repo, revision: str) -> str:
         commit = repo.commit(revision)
    @@ -308,11 +302,7 @@ async def list_tools() -> list[Tool]:
                     description="Shows the contents of a commit",
                     inputSchema=GitShow.model_json_schema(),
                 ),
    -            Tool(
    -                name=GitTools.INIT,
    -                description="Initialize a new Git repository",
    -                inputSchema=GitInit.model_json_schema(),
    -            ),
    +
                 Tool(
                     name=GitTools.BRANCH,
                     description="List Git branches",
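Review bot: the empty `+` line sits inside the list literal returned by list_tools(), between two Tool(...) entries; delete it. Dropping a tool from list_tools() is a user-visible API change, yet the commit message files it as a refactor and the diff touches only server.py; any README or changelog text that still describes a git_init tool should be updated in the same change so users see why the tool disappeared.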
    @@ -354,15 +344,7 @@ def by_commandline() -> Sequence[str]:
         async def call_tool(name: str, arguments: dict) -> list[TextContent]:
             repo_path = Path(arguments["repo_path"])
             
    -        # Handle git init separately since it doesn't require an existing repo
    -        if name == GitTools.INIT:
    -            result = git_init(str(repo_path))
    -            return [TextContent(
    -                type="text",
    -                text=result
    -            )]
    -            
    -        # For all other commands, we need an existing repo
    +        # For all commands, we need an existing repo
             repo = git.Repo(repo_path)
     
             match name:
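Review bot: `repo = git.Repo(repo_path)` now runs before `match name:`, so a request naming a tool that no longer exists (such as git_init from a stale client) whose repo_path is not a repository fails inside git.Repo() before the tool name is ever checked, and the caller gets a repository error instead of an unknown-tool error. Validate `name` against GitTools first, then open the repository. The new comment is accurate, and it is worth stating in the tool descriptions as well: git.Repo(repo_path) still accepts any path the server process can read, so "must already be a repository" is now the only constraint on repo_path.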
    
