N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-68145

CVE-2025-68145: mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue.

Thank you to https://hackerone.com/yardenporat for reporting.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-68145

CVE-2025-68145:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mcp-server-git	pip	<= 2025.11.25

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a path traversal issue in mcp-server-git. When the server is started with a --repository flag to restrict file operations to a specific directory, this restriction was not enforced. The call_tool function in src/git/src/mcp_server_git/server.py is responsible for handling all git-related tool calls. This function receives a repo_path argument from the client. In vulnerable versions, this repo_path was used to instantiate a git.Repo object without being validated against the configured repository path. This allowed an attacker to specify a path to any git repository on the server's filesystem, bypassing the intended restriction. The vulnerability was fixed by introducing the validate_repo_path function and calling it at the beginning of call_tool to ensure the requested repo_path is within the allowed directory. Therefore, call_tool is the vulnerable function as it's the entry point for the malicious input and where the security check was missing.

Vulnerable functions

mcp_server_git.server.serve.<locals>.call_tool

src/git/src/mcp_server_git/server.py

The `call_tool` function is the central dispatcher for all git-related operations. It receives the `repo_path` as part of the tool arguments from the client. The vulnerability is that this function failed to validate that the provided `repo_path` was within the repository directory specified by the `--repository` command-line argument. This allowed an attacker to craft a tool call with a path like `../../../../another/repo` to operate on other git repositories accessible by the server process, thus leading to a path traversal vulnerability.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-68145: mcp-server-git has missing path validation when using --repository flag

CVE-2025-68145:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

N/A

N/A

Technical Details

CVE-2025-68145: mcp-server-git has missing path validation when using --repository flag

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI