CVE-2025-68144
Command Injection in mcp-server-git Allows Arbitrary File Overwrite
Publication date: 2025-12-17
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lfprojects | model_context_protocol_servers | up to 2025.12.17 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in mcp-server-git versions prior to 2025.12.17, where the git_diff and git_checkout functions pass user-controlled arguments directly to git CLI commands without sanitization. This allows specially crafted inputs that look like command-line options (e.g., --output=/path/to/file) to be interpreted as options rather than git references, enabling an attacker to overwrite arbitrary files. The issue is fixed in version 2025.12.17 by adding validation to reject arguments starting with '-' and verifying that arguments resolve to valid git references before execution.
How can this vulnerability impact me?
This vulnerability can allow an attacker to overwrite arbitrary files on the system by passing malicious arguments to git_diff or git_checkout functions. This could lead to unauthorized modification of files, potentially compromising system integrity, causing data loss, or enabling further attacks.
What immediate steps should I take to mitigate this vulnerability?
Update mcp-server-git to version 2025.12.17 or later, as this version includes a fix that validates user arguments to prevent arbitrary file overwrites.
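The argument-injection pattern described in the Q&A above, shown as an added example (not code from mcp-server-git itself): a vulnerable argv builder that forwards a ref verbatim, beside a hardened one that applies the two checks the fix describes, rejecting names that begin with `-` and confirming the name resolves to a real git reference. The `resolves` callback and the `git_resolves_ref` helper are this example's own; the helper assumes git 2.24+ for `--end-of-options`.

```python
import subprocess
from typing import Callable, List, Optional


class InvalidRefError(ValueError):
    """Raised when a caller-supplied ref is not safe to hand to git."""


def vulnerable_diff_argv(repo_path: str, target: str) -> List[str]:
    # Pre-fix shape: the caller's string lands directly in git's argv, so a
    # value such as "--output=/path/to/file" is parsed as an option, not a ref.
    return ["git", "-C", repo_path, "diff", target]


def git_resolves_ref(repo_path: str, ref: str) -> bool:
    # Ask git whether the name resolves to an object. "--end-of-options"
    # (git >= 2.24, assumption) stops git from reading the name as an option
    # even while we are only checking it.
    proc = subprocess.run(
        ["git", "-C", repo_path, "rev-parse", "--verify", "--quiet",
         "--end-of-options", ref],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode == 0


def validate_ref(ref: str, resolves: Callable[[str], bool]) -> str:
    # Check 1: anything that could be parsed as an option is refused outright.
    if not ref or ref.startswith("-"):
        raise InvalidRefError(f"ref looks like a command-line option: {ref!r}")
    # Check 2: the name must resolve to an actual git reference.
    if not resolves(ref):
        raise InvalidRefError(f"ref does not resolve in repository: {ref!r}")
    return ref


def safe_diff_argv(repo_path: str, target: str,
                   resolves: Optional[Callable[[str], bool]] = None) -> List[str]:
    # Post-fix shape: validate first; only a vetted ref reaches git's argv.
    resolver = resolves or (lambda r: git_resolves_ref(repo_path, r))
    return ["git", "-C", repo_path, "diff", validate_ref(target, resolver)]


if __name__ == "__main__":
    # Constructed resolver standing in for a repository with two refs.
    known = lambda r: r in {"main", "HEAD"}
    print(vulnerable_diff_argv("/repo", "--output=/tmp/owned"))  # option leaks
    print(safe_diff_argv("/repo", "main", resolves=known))        # vetted ref
```

Keeping a `--` (or `--end-of-options`) separator in the final argv as well is a cheap second layer, since it guards the call even if a future refactor bypasses `validate_ref`.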