High severity7.1NVD Advisory· Published Dec 17, 2025· Updated Apr 14, 2026

CVE-2025-68144

Description

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.17 resolve this issue when it is released.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mcp-server-gitPyPI	< 2025.12.18	2025.12.18

Affected products

Lfprojects/Model Context Protocol Servers
cpe:2.3:a:lfprojects:model_context_protocol_servers:*:*:*:*:*:*:*:*
Range: <2025.12.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9xwc-hfwc-8w59ghsaADVISORY
github.com/modelcontextprotocol/servers/security/advisories/GHSA-9xwc-hfwc-8w59nvdVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2025-68144ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000