Cyber Resilience

CVE-2025-68145

Medium

Published: 17 December 2025

Modified: 14 April 2026
KEV Added
Patch
CVSS Score (v4): 6.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0620 (92.6th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-68145 is a medium-severity Path Traversal (CWE-22) vulnerability in Lfprojects Model Context Protocol Servers. Its CVSS base score is 6.4 (Medium).

Operationally, it is ranked in the top 7.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.

EU & UK References

Vulnerability details

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue.
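The resolve-then-contain check the fix describes, as an added example that is not mcp-server-git's own code: it runs that check beside a weaker prefix comparison over a constructed directory tree, so the two traversal routes the hardened check closes (a symlink out of the repository and a sibling directory sharing the name prefix) are visible. Function names, the `allowed/` and `other/` layout and the `link` symlink are assumptions.

```python
"""Added example (not mcp-server-git's own code): the resolve-then-contain
check the fix for CVE-2025-68145 describes, beside a weaker prefix check,
run over a constructed directory tree. Names and layout are assumptions."""
import os
import tempfile
from pathlib import Path


def is_within_allowed(repo_path: str, allowed_repo: str) -> bool:
    """Hardened check: resolve both paths (following symlinks), then accept
    only the allowed repository itself or a path strictly inside it."""
    allowed = Path(allowed_repo).resolve()
    requested = Path(repo_path).resolve()
    return requested == allowed or allowed in requested.parents


def naive_prefix_check(repo_path: str, allowed_repo: str) -> bool:
    """Weaker comparison check: normalises '..' but does not follow symlinks
    and also accepts a sibling directory whose name shares the prefix."""
    return os.path.abspath(repo_path).startswith(os.path.abspath(allowed_repo))


def build_demo_tree() -> dict:
    """Constructed sample layout under a fresh temp directory:
      allowed/       the repository given via --repository
      other/         a second repository the server process can reach
      allowed/link   symlink escaping to other/
      allowed-evil/  sibling that merely shares the name prefix"""
    base = Path(tempfile.mkdtemp(prefix="cve-2025-68145-demo-"))
    allowed, other, sibling = base / "allowed", base / "other", base / "allowed-evil"
    for d in (allowed, other, sibling):
        d.mkdir()
    (allowed / "link").symlink_to(other, target_is_directory=True)
    return {
        "allowed": str(allowed),
        "inside": str(allowed / "sub"),           # legitimate subdirectory
        "dotdot": str(allowed / ".." / "other"),  # traversal via '..'
        "symlink": str(allowed / "link"),         # traversal via symlink
        "sibling": str(sibling),                  # prefix collision
    }


def run_demo() -> dict:
    """Apply both checks to each requested path; tuple is (naive, hardened)."""
    tree = build_demo_tree()
    return {name: (naive_prefix_check(p, tree["allowed"]),
                   is_within_allowed(p, tree["allowed"]))
            for name, p in tree.items() if name != "allowed"}
```

Calling `run_demo()` shows the naive check accepting both the symlink and the sibling directory while the resolved containment check rejects them and still accepts the real subdirectory.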

CWE(s)

AI Security Analysis

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

CVEs Like This One

CVE-2025-15031 (same vendor: Lfprojects)
CVE-2026-29064 (same vendor: Lfprojects)
CVE-2026-40090 (same vendor: Lfprojects)
CVE-2025-11201 (same vendor: Lfprojects)
CVE-2026-33252 (same vendor: Lfprojects)
CVE-2026-34742 (same vendor: Lfprojects)
CVE-2026-25536 (same vendor: Lfprojects)
CVE-2026-0621 (same vendor: Lfprojects)
CVE-2026-27896 (same vendor: Lfprojects)
CVE-2026-7237 (shared CWE-22)

Affected Assets

lfprojects
model context protocol servers
≤ 2025.12.18

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References