Anthropic Git MCP Server: Three Flaws Risk LLM Tampering
🔓 Researchers at Israel-based Cyata disclosed three vulnerabilities in Anthropic's official mcp-server-git that enable prompt-injection attacks to influence MCP tool calls and perform unapproved actions. The flaws affect versions prior to 2025.12.18 and are tracked as CVE-2025-68143, CVE-2025-68144, and CVE-2025-68145; together they allow arbitrary git flags, path tampering, file overwrite/deletion, and abuse of git smudge/clean filters to execute code. Cyata and interviewed experts urge an immediate update to the patched release and recommend auditing MCP deployments, restricting Git + Filesystem combinations, applying least-privilege, sanitizing inputs, and adding logging and retrospection for agent actions.
