CVE-2025-68144
Published 2025-12-17
Priority P3 · 50 · High · 7.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
EPSS: 7.28% (93.6th percentile)
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with `-` and verifies that the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.17 to resolve this issue when it is released.
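The two-step check the advisory describes (reject anything beginning with `-`, then require that git itself resolves the value to a ref) is shown below next to the pre-fix argv shape it replaces. This is an added example, not code from mcp-server-git; the function and class names are illustrative, and the resolver is passed in as a parameter (an assumption of this example) so the prefix check can be exercised without a repository.

```python
"""Added example (not mcp-server-git's own code): the ref-validation pattern
the advisory describes, beside the vulnerable pattern it replaces.

Assumed names: InvalidRefError, git_rev_parse, rejection_reason, validate_ref,
build_diff_argv* are illustrative and not taken from the project.
"""
import subprocess
import tempfile
from pathlib import Path
from typing import Callable, Optional

# A resolver answers "does this string name an object in this repo?".
Resolver = Callable[[Path, str], bool]


class InvalidRefError(ValueError):
    """Raised when a caller-supplied value is not an acceptable git ref."""


def git_rev_parse(repo: Path, ref: str) -> bool:
    """Ask git whether `ref` resolves, via `git rev-parse --verify --quiet`.

    argv is a list (no shell), so `ref` is always exactly one argument.
    """
    result = subprocess.run(
        ["git", "-C", str(repo), "rev-parse", "--verify", "--quiet", ref],
        capture_output=True,
        text=True,
        check=False,
    )
    return result.returncode == 0


def build_diff_argv_vulnerable(target: str) -> list[str]:
    """Pre-fix shape: the value lands in argv unchanged, so a flag-like string
    such as '--output=/path/to/file' is parsed by git as an option, not a ref."""
    return ["git", "diff", target]


def rejection_reason(repo: Path, ref: str, resolve: Resolver = git_rev_parse) -> Optional[str]:
    """Return None if `ref` is acceptable, otherwise a short reason.

    Step 1 rejects anything that starts with '-' so it can never be read as an
    option; step 2 requires that git resolves the value before it is used.
    The raw value is checked (no strip() or other normalisation), so what is
    validated is exactly what would be placed in argv.
    """
    if not ref:
        return "empty ref"
    if ref.startswith("-"):
        return "flag-like argument (starts with '-')"
    if not resolve(repo, ref):
        return "does not resolve to a git ref"
    return None


def validate_ref(repo: Path, ref: str, resolve: Resolver = git_rev_parse) -> str:
    """Return `ref` unchanged if acceptable, else raise InvalidRefError."""
    reason = rejection_reason(repo, ref, resolve)
    if reason is not None:
        raise InvalidRefError(f"rejected {ref!r}: {reason}")
    return ref


def build_diff_argv(repo: Path, target: str, resolve: Resolver = git_rev_parse) -> list[str]:
    """Post-fix shape: only a validated ref reaches argv."""
    return ["git", "-C", str(repo), "diff", validate_ref(repo, target, resolve)]


if __name__ == "__main__":
    # Demo against a throwaway repository with one empty commit; needs git on PATH.
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        subprocess.run(["git", "-C", str(repo), "init", "-q"], check=True)
        subprocess.run(
            ["git", "-C", str(repo), "-c", "user.email=demo@example.invalid",
             "-c", "user.name=demo", "commit", "-q", "--allow-empty", "-m", "init"],
            check=True,
        )
        # Constructed candidates: a real ref, a flag-like value, an unknown name.
        for candidate in ("HEAD", "--output=/tmp/should-not-be-written", "no-such-ref"):
            reason = rejection_reason(repo, candidate)
            print(f"{candidate!r}: {'accepted' if reason is None else 'rejected: ' + reason}")
```

The prefix test alone is not sufficient on its own (a non-flag value can still be an unknown or misspelled ref), and the rev-parse test alone would not help if the value were passed to a command other than rev-parse first; together they ensure that only a string git already recognises as a ref is ever handed to `diff` or `checkout`. Keeping the resolver injectable makes the first step unit-testable offline while the real path still goes through git with a list argv rather than a shell string.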
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | model_context_protocol_servers | < 2025.12.17 | 2025.12.17 |
| modelcontextprotocol | servers | < 2025.12.17 | 2025.12.17 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L |
| NVD | 4.0 | 6.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OSV
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
osv · 2025-12-17 · CVE-2025-68144 · severity MEDIUM
In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with `-` and verifies that the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.18 to resolve this issue.
Thank you to https://hackerone.com/yardenporat for reporting.
GHSA
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
ghsa · 2025-12-17 · CVE-2025-68144 · severity MEDIUM · CWE-88
No detection rules found.
No public exploits indexed.
Checkpoint
26th January – Threat Intelligence Report
blogs_checkpoint · 2026-01-26 · tagged CVE-2025-68143
For the latest discoveries in cyber research for the week of 26th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
RansomHub ransomware group has claimed responsibility for a cyber-attack on Luxshare, an electronics manufacturer of Apple, Nvidia, LG, Tesla, and others. The threat actors claimed access to 3D CAD models, circuit board designs, and engineering documentation. The company has not yet confirmed the breach.
Wiz
CVE-2025-68144 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 6.3 · severity MEDIUM
## CVE-2025-68144: Python vulnerability analysis and mitigation
| Field | Value |
|---|---|
| Source | NVD |
| Score | 6.3 |
| CNA score | 6.3 |
| Published | December 17, 2025 |
| Severity | MEDIUM |
| Affected technologies | Python |
| Has public exploit | Yes |
| Has CISA KEV exploit | No |
| CISA KEV release date | N/A |
| CISA KEV due date | N/A |
| Exploitation probability percentile (EPSS) | 30.7 |
| Exploitation probability (EPSS) | 0.1 |
| Affected packages and libraries | mcp-server-git |
| Sources | NVD |
| pip | Severity MEDIUM · Has fix · Added at: Dec 18, 2025 |