According to ChainCatcher, citing The Hacker News, Cyata researchers have disclosed three serious security vulnerabilities (CVE-2025-68143/44/45) in mcp-server-git, which is maintained by Anthropic. The vulnerabilities could be exploited for path traversal, argument injection, and even remote code execution.
These vulnerabilities could be weaponized through prompt injection, allowing attackers to trigger them simply by getting an AI assistant to read malicious content. The vulnerabilities were patched in the September and December 2025 versions. The official documentation has removed the git_init tool and strengthened path verification; users are advised to update to the latest version as soon as possible.