Data Security, Security Operations, AI/ML, Vulnerability Management, Patch/Configuration Management

Anthropic patches critical vulnerabilities in Git MCP server

Anthropic has addressed three critical bugs in its official Git MCP server that could be chained with other MCP tools to enable remote code execution or file overwrites through prompt injection, according to a recent report by The Register.

The vulnerabilities, discovered by the AI security startup Cyata, include a path validation bypass (CVE-2025-68145), an unrestricted git_init issue (CVE-2025-68143), and an argument injection in git_diff (CVE-2025-68144). These flaws, affecting default deployments of mcp-server-git prior to December 18, 2025, could allow attackers to exploit the Git MCP server in conjunction with the Filesystem MCP server. This chain enables malicious actors to execute arbitrary code or overwrite files by manipulating AI tools like Copilot and Cursor, which connect to Git repositories via the Model Context Protocol (MCP). The attack typically involves indirect prompt injection, where malicious commands are hidden in sources like README files or GitHub issues.

The discovery highlights the growing security risks associated with complex agentic AI systems that integrate multiple tools. Security teams must now assess the combined permissions and potential interactions of entire agentic systems, rather than individual components, to effectively mitigate risks and ensure trust is verified and controlled.

Source: The Register

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds