Three Critical Vulnerabilities in Anthropic's mcp-server-git Threaten Your Server System
Recent security research has revealed three serious vulnerabilities in the official mcp-server-git server maintained by Anthropic that could compromise system security. An Odaily report indicates that these vulnerabilities are especially concerning because they can be triggered through very simple prompt injection attacks: it is enough for the model to read a malicious README file or to access a web page that the attacker has modified.
Attack Scenarios That Do Not Require Direct Server Access
The most dangerous characteristic of these vulnerabilities is the flexibility in how they can be exploited. Attackers do not need to directly penetrate the target system. They only need to prepare malicious content that the language-model agent reads, and the system will trigger the vulnerability on its own. Combining these flaws with the MCP file server creates the worst-case scenario: potential arbitrary code execution, deletion of the file system, or reading sensitive file contents directly into the large language model's context.
Three CVE Numbers and Their Technical Descriptions
Security researchers have identified and categorized these flaws with official numbers:
CVE-2025-68143 relates to git_init lacking proper restrictions. Attackers can exploit this to initialize Git repositories in locations that should not be accessible.
CVE-2025-68145 is a bypass of path validation systems. This is the most critical flaw because it allows attackers to bypass security controls protecting system directories.
CVE-2025-68144 involves parameter injection in the git_diff command. Manipulating these parameters can alter command behavior and open the door to executing malicious commands.
How Exploitation Works via Path Validation Bypass
Research from Cyata explains the technical details of why this vulnerability is so dangerous. Because mcp-server-git does not perform strict path validation on the repo_path parameter, attackers are free to create Git repositories in any directory within the system's directory structure. Next, they can configure custom clean filters in .git/config, which causes shell commands to run without any explicit command-execution permission having been granted.
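As an added illustration of the two defensive checks this passage implies, not code from mcp-server-git or from Cyata, the following Python shows a strict repo_path validator that confines every repository to an allowlisted root, and a scanner that flags filter clean/smudge commands inside a .git/config. The function names, the /srv/repos root and the sample config are all constructed for the example.

```python
# Added example, not mcp-server-git's own code: a strict repo_path validator that
# confines repositories to an allowlisted root, plus a scanner that flags
# filter.<name>.clean/.smudge commands in .git/config. All names are constructed.
import os
import re


def validate_repo_path(repo_path: str, allowed_root: str) -> str:
    """Resolve repo_path (symlinks, '..') and require it to stay under allowed_root."""
    root = os.path.realpath(allowed_root)
    # os.path.join keeps repo_path as-is when it is already absolute.
    resolved = os.path.realpath(os.path.join(root, repo_path))
    if os.path.commonpath([root, resolved]) != root:
        raise ValueError(f"{repo_path!r} resolves outside {root}")
    if ".git" in os.path.relpath(resolved, root).split(os.sep):  # no tool on git metadata
        raise ValueError(f"{repo_path!r} targets .git metadata")
    return resolved


def is_allowed(repo_path: str, allowed_root: str) -> bool:
    try:
        validate_repo_path(repo_path, allowed_root)
        return True
    except ValueError:
        return False


# Minimal git-config grammar: [section "subsection"] headers and key = value lines.
_SECTION = re.compile(r'^\s*\[\s*([^\s"\]]+)(?:\s+"([^"]*)")?\s*\]\s*$')
_ENTRY = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')


def find_filter_commands(git_config_text: str) -> list[tuple[str, str]]:
    """Return (key, command) for filter.*.clean/smudge entries; git runs these as shell commands."""
    section, hits = None, []
    for line in git_config_text.splitlines():
        if not line.strip() or line.lstrip()[0] in "#;":
            continue
        if m := _SECTION.match(line):
            section = (m.group(1).lower(), m.group(2))
            continue
        m = _ENTRY.match(line)
        if m and section and section[0] == "filter" and m.group(1).lower() in ("clean", "smudge"):
            hits.append((f"filter.{section[1]}.{m.group(1).lower()}", m.group(2)))
    return hits


SAMPLE_CONFIG = (  # constructed .git/config: a benign LFS filter beside an injected one
    '[core]\n\trepositoryformatversion = 0\n[filter "lfs"]\n\tclean = git-lfs clean -- %f\n'
    '\tsmudge = git-lfs smudge -- %f\n[filter "injected"]\n\tclean = sh -c \'echo injected\'\n'
)
```

Running find_filter_commands over the .git/config of every repository an MCP server may touch gives a cheap inventory of filter commands to review, since a legitimate LFS entry and an injected one look identical to Git.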
Patch Updates and Immediate Recommendations for Users
Anthropic has responded quickly to these findings. They have assigned official CVE numbers to each flaw and released patches on December 17, 2025. For users of mcp-server-git, an essential step is to update to version 2025.12.18 or later. This update includes fixes for all three previously described vulnerabilities.
Given the serious security risks to the server, updating is not merely recommended but essential to ensure the best possible protection against attacks that exploit these flaws.