Loading
Generated remediation guidance and an executive summary. No account required.
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue.
Cite this page
CVE-2025-68143. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-68143
Use CWE-22, Lfprojects vendor hub and Model Context Protocol Servers product page to widen CVE-2025-68143 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-27735, CVE-2025-68145 and CVE-2025-68144 for nearby disclosures in the same product family.