CVEPublished 2025-12-17Modified 2026-04-141 article on news6 live referencesNVD data

CVE-2025-68145Lfprojects · Model_context_protocol_servers

Vulnerability data via NVD (ingested)

CVSS v3.1
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS percentile
Description

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue.

Timeline
Published 2025-12-17
Modified 2026-04-14

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (8)

webpro255/awesome-ai-agent-attacksunknown
A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.
★ 32·updated today
mcp-security-project/mcp-cve-projectunknown
The Project shares all information on MCP related CVE's published
★ 16·updated 5d ago
deconvolute-labs/deconvolutePython
Policy-as-code enforcement and observability for MCP tool calls. Wraps AI agent sessions with cryptographic integrity checks, argument-level CEL policies, and a full audit trail.
★ 7·updated 1w ago
AndrewAltimit/exploitsPython
Security research and exploit development: vulnerability analysis, exploit chain implementation, post-exploitation tradecraft, and defensive assessment tooling. Covers browser engi…
★ 6·updated 4w ago
mcpshield/mcpshieldJavaScript
Supply chain security scanner for MCP servers. Detect typosquats, CVEs, credential leaks, and dangerous permissions in your AI agent configs.
★ 5·updated 4mo ago
pathakabhi24/LLM-MCP-Security-Field-Guideunknown
The most comprehensive LLM + MCP security guide i.e. OWASP aligned, real CVEs, actionable checklists
★ 3·updated 2mo ago
KGT24k/mcp-config-guardPython
Zero-dependency MCP security linter — 54 OWASP-mapped checks, 56 malicious packages, 28 CVEs. pip install mcp-config-guard
★ 2·updated 4mo ago
mattschaller/eslint-plugin-mcp-securityTypeScript
ESLint security rules for MCP servers — catches SANDWORM_MODE credential harvesting, path traversal, command injection, and CVE patterns at dev time
★ 2·updated 3d ago