cvedb.io
CVE-2025-68143
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2025-12-17T23:16:04.560 · Last modified 2026-06-17T09:58:37.670

Summary

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike the other tools, which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue.
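The "existing repositories only" rule described above, written as a path check. This is an added example, not code from mcp-server-git or from its fix (which removed the tool); the helper name, the exception class and the operator-chosen allowed root are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class RepoPathError(ValueError):
    """Raised when a requested path is not an acceptable repository."""


def resolve_existing_repo(requested: str, allowed_root: str) -> Path:
    """Return the resolved repository path, or raise RepoPathError.

    Hypothetical helper: allowed_root is an operator-chosen directory,
    not a setting taken from mcp-server-git.
    """
    root = Path(allowed_root).resolve(strict=True)
    try:
        # resolve() collapses ".." and follows symlinks before the check
        target = Path(requested).resolve(strict=True)
    except (OSError, RuntimeError) as exc:
        raise RepoPathError(f"path does not exist: {requested}") from exc
    if target != root and root not in target.parents:
        raise RepoPathError(f"outside allowed root: {target}")
    # Only operate on repositories that already exist; never create one.
    if not (target / ".git").exists():
        raise RepoPathError(f"not an existing repository: {target}")
    return target


def demo() -> dict:
    """Run the check against a constructed directory layout."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "repos")
        (root / "project" / ".git").mkdir(parents=True)     # existing repo
        (root / "plain").mkdir()                            # no .git inside
        Path(tmp, "elsewhere", ".git").mkdir(parents=True)  # outside root
        cases = {
            "existing_repo": root / "project",
            "no_repo": root / "plain",
            "outside_root": root / "project" / ".." / ".." / "elsewhere",
            "missing": root / "nope",
        }
        for name, path in cases.items():
            try:
                resolve_existing_repo(str(path), str(root))
                results[name] = "allowed"
            except RepoPathError:
                results[name] = "rejected"
    return results
```

Resolving the path before the containment test is what makes the check hold for relative segments and symlinks; comparing the raw string against the root would not.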

Affected products

lfprojects — model_context_protocol_servers

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.