CVE-2025-68144
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
Description
In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.18 resolve this issue. Thank you to https://hackerone.com/yardenporat for reporting.
How to fix CVE-2025-68144
To remediate CVE-2025-68144, upgrade the affected package to a fixed version below.
- —upgrade to 2025.12.18 or later
Is CVE-2025-68144 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2025.12.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:L |