Anthropic fixes three high-risk vulnerabilities in the MCP Git server, involving arbitrary file access and remote code execution.

PANews reported on January 21 that, according to The Hacker News, Cyata researchers disclosed three serious security vulnerabilities (CVE-2025-68143/44/45) in mcp-server-git, the MCP Git server maintained by Anthropic. The vulnerabilities can be exploited for path traversal and argument injection, and potentially even remote code execution. They can be weaponized through prompt injection, allowing an attacker to trigger them simply by getting an AI assistant to read malicious content. The vulnerabilities have been patched in the September and December 2025 versions. The git_init tool has been removed, and path verification has been strengthened. Users are advised to update to the latest version as soon as possible.


Author: PA一线
