CVE-2025-68144: mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

December 17, 2025 (updated December 20, 2025)

In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.18 resolve this issue.

Thank you to https://hackerone.com/yardenporat for reporting.

References

Code Behaviors & Features

Detect and mitigate CVE-2025-68144 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →