- Anthropic fixed Git MCP vulnerabilities allowing remote code execution via tool chaining
- Cyata discovered the CVEs; fixed in version 2025.12.18, no exploitation reported yet
- Claude was previously manipulated as part of a cyberespionage campaign targeting major global organizations
Anthropic, the company behind the popular AI model Claude, has fixed several bugs in its MCP Git server which researchers say can be chained with other MCP tools to enable remote code execution (RCE) or file tampering via prompt injection.
The MCP Git Server is Anthropic’s Model Context Protocol service that allows AI tools to read and interact with Git repositories. This is important because it allows AI to understand real code bases or answer coding questions without dangerous or unrestricted access.
The bugs were found by Cyata, an agentic AI security startup, and are as follows:
- Path validation bypass vulnerability (CVE-2025-68145)
- Unrestricted git_init issue (CVE-2025-68143)
- Argument injection in git_diff (CVE-2025-68144)
Corrected in December
The researchers said that by chaining the Git MCP server with the Filesystem MCP server, they were able to execute arbitrary code remotely.
“Agent systems break unexpectedly when multiple components interact. Each MCP server may seem safe in isolation, but combine two of them, Git and Filesystem in this case, and you get a toxic combination,” Cyata told The Register.
“As organizations adopt more complex agentic systems with multiple tools and integrations, these combinations will multiply.”
Cyata reported the flaw last June, and Anthropic fixed it in December 2025, The Register said. Users should ensure that they are running version 2025.12.18. So far, there is no evidence that the bugs have been exploited in the wild.
Artificial intelligence promises major disruptions across all industries. As such, companies are scrambling to implement it, and all sorts of vulnerabilities are popping up for cybercriminals to exploit.
In mid-November 2025, Anthropic said Claude was being used as an agent, not only as an advisor, to execute a cyberattack itself. The company said a highly sophisticated cyberespionage campaign manipulated Anthropic’s Claude Code tool to attempt to infiltrate approximately 30 global targets, primarily large technology companies, government agencies and financial institutions.