CVE-2025-68143 identifies a path traversal vulnerability (CWE-22) in the modelcontextprotocol servers, specifically in the git_init tool included in versions prior to 2025.9.25. The git_init tool was designed to initialize Git repositories but failed to properly validate the filesystem paths provided by users. Unlike other tools that require an existing repository, git_init could create repositories in any directory accessible to the server process, including directories outside intended boundaries. This improper limitation of pathname allows an attacker to specify arbitrary paths, potentially creating or manipulating Git repositories in unauthorized locations. Such unauthorized repository creation can lead to subsequent malicious Git operations on sensitive directories, risking unauthorized file access, modification, or disruption. The vulnerability is remotely exploitable without authentication and requires user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:P). The scope is high, affecting the confidentiality, integrity, and availability of data managed by the server. To remediate, the vendor removed the git_init tool entirely in version 2025.9.25, aligning with the server's intended operation on existing repositories only. No public exploits have been reported, but the vulnerability presents a significant risk if exploited due to the broad filesystem access it enables.

For European organizations, this vulnerability poses a risk of unauthorized filesystem access and manipulation through the modelcontextprotocol servers. Organizations relying on these servers for software development, version control, or configuration management could face data integrity issues, unauthorized disclosure of sensitive files, or disruption of services. The ability to create Git repositories in arbitrary directories may allow attackers to implant malicious code, alter critical files, or disrupt development workflows. This could lead to intellectual property theft, compliance violations (especially under GDPR if personal data is exposed), and operational downtime. The medium severity rating reflects the balance between ease of exploitation and the potential damage. However, given the critical role of version control in software supply chains, exploitation could have cascading effects on software integrity and trustworthiness within European enterprises.

The primary mitigation is to upgrade all affected modelcontextprotocol server installations to version 2025.9.25 or later, where the git_init tool has been removed to prevent misuse. Organizations should audit their current usage of the git_init tool and ensure it is not in use or accessible. Implement strict access controls on server processes to limit filesystem permissions, minimizing the directories accessible to the server. Employ monitoring and alerting for unusual Git repository creation or modification activities, especially in non-standard directories. Conduct regular code and configuration reviews to detect unauthorized repository manipulations. Additionally, integrate security testing into the development lifecycle to catch similar path traversal issues early. Finally, maintain an inventory of software components and their versions to ensure timely patching of vulnerabilities.