CVE-2025-53107

@cyanheads/git-mcp-server vulnerable to command injection in several tools

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.). An MCP Client can be instructed to execute additional actions for example via indirect prompt injection when asked to read git logs. This issue has been patched in version 2.1.5.

@cyanheads/git-mcp-server es un servidor MCP diseñado para interactuar con repositorios Git. Antes de la versión 2.1.5, existía una vulnerabilidad de inyección de comandos causada por el uso no autorizado de parámetros de entrada en una llamada a child_process.exec, lo que permitía a un atacante inyectar comandos arbitrarios del sistema. Una explotación exitosa puede provocar la ejecución remota de código con los privilegios del proceso del servidor. El servidor construye y ejecuta comandos de shell utilizando entradas de usuario no validadas directamente dentro de las cadenas de la línea de comandos. Esto introduce la posibilidad de inyección de metacaracteres de shell (|, >, &&, etc.). Se puede indicar a un cliente MCP que ejecute acciones adicionales, por ejemplo, mediante la inyección indirecta de prompts cuando se le solicita que lea los registros de Git. Este problema se ha corregido en la versión 2.1.5.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2025-06-25 CVE Reserved
2025-07-01 CVE Published
2025-07-01 CVE Updated
2025-07-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (3)

URL	Tag	Source
https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9	X_refsource_misc
https://github.com/cyanheads/git-mcp-server/releases/tag/v2.1.5	X_refsource_misc
https://github.com/cyanheads/git-mcp-server/security/advisories/GHSA-3q26-f695-pp76	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cyanheads Search vendor "Cyanheads"		Git-mcp-server Search vendor "Cyanheads" for product "Git-mcp-server"				< 2.1.5 Search vendor "Cyanheads" for product "Git-mcp-server" and version " < 2.1.5"		en		Affected