Anthropic patches critical vulnerabilities in Git MCP server
Overview
Anthropic has patched several critical vulnerabilities in its Git MCP server, which were identified by the AI security startup Cyata. The issues include a path validation bypass (CVE-2025-68145), an unrestricted git_init issue (CVE-2025-68143), and an argument injection vulnerability in git_diff (CVE-2025-68144). These vulnerabilities could allow attackers to manipulate Git operations, which could compromise the integrity of code repositories. Users of the Git MCP server should apply the latest patches, since unpatched systems may remain exposed to exploitation.
Key Takeaways
- Affected Systems: Git MCP server by Anthropic
- Action Required: Users should apply the latest patches released by Anthropic to address the vulnerabilities.
- Timeline: Newly disclosed
Original Article Summary
The vulnerabilities, discovered by the AI security startup Cyata, include a path validation bypass (CVE-2025-68145), an unrestricted git_init issue (CVE-2025-68143), and an argument injection in git_diff (CVE-2025-68144).
Impact
Git MCP server by Anthropic
Exploitation Status
No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.
Timeline
Newly disclosed
Remediation
Users should apply the latest patches released by Anthropic to address the vulnerabilities. Specific patch numbers or versions were not mentioned, so it is advisable to check for updates from the vendor.