CVE-2025-68145
Unknown Unknown - Not Provided
Path Traversal in mcp-server-git Allows Unauthorized Repository Access

Publication date: 2025-12-17

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68145
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lfprojects model_context_protocol_servers to 2025.12.18 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in mcp-server-git versions prior to 2025.12.17 when the server is started with the --repository flag to restrict operations to a specific repository path. The server did not properly validate that repo_path arguments in subsequent tool calls were within the configured repository path. As a result, tool calls could operate on other repositories accessible to the server process, potentially allowing unauthorized access or operations on those repositories. The issue is fixed by adding path validation that resolves both the configured repository and the requested path (including following symlinks) to ensure the requested path is within the allowed repository before executing any git operations.

Impact Analysis

This vulnerability can allow unauthorized operations on repositories other than the intended restricted repository. An attacker or user could exploit this to access or modify other repositories accessible to the server process, potentially leading to unauthorized data access, data modification, or disruption of repository integrity.

Mitigation Strategies

Users are advised to upgrade mcp-server-git to version 2025.12.17 or later to remediate this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68145. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart