- Anthropic patched Git MCP bugs enabling remote code execution via toolchain
- Cyata detected CVEs; fixed in version 2025.12.18, no exploit reported yet
- Claude has previously manipulated in a cyberespionage campaign targeting large global organizations
Anthropic, the company behind the popular AI model Claude, has fixed several bugs in its Git MCP server, which researchers say can be chained with other MCP tools to enable remote code execution (RCE) or file manipulation through rapid injection.
The Git MCP server is Anthropic’s Model Context Protocol service that lets AI tools read and interact with Git repositories. This is important because it allows the AI to understand real codebases or answer coding questions without insecure or unrestricted access.
The flaws were discovered by Agentic AI security startup Cyata, and are as follows:
Path Validation Bypass (CVE-2025-68145)
Unbounded git_init issue (CVE-2025-68143)
Argument injection in git_diff (CVE-2025-68144).
Corrected in December
By linking the Git MCP server with the Filesystem MCP server, the researchers said they were able to execute arbitrary code remotely.
“Agent systems break in unexpected ways when multiple components interact. Each MCP server may look secure in isolation, but combine two of them, Git and Filesystem in this case, and you get a toxic combination,” Cyata told The register.
“As organizations adopt more complex agent systems with more tools and integrations, these combinations will multiply.”
Cyata reported the bug last June and Anthropic fixed it in December 2025, The register says. Users should make sure they are running version 2025.12.18. So far, there is no evidence that the insects were exploited in the wild.
Artificial intelligence promises major disruptions across industries. As such, companies struggle to implement it, leaving all sorts of vulnerabilities for various cybercriminals to exploit.
In mid-November 2025, Anthropic said that Claude was being used in an agent capacity, not only as an advisor, but also to carry out a cyberattack in his own right. The company said a highly sophisticated cyberespionage campaign manipulated Anthropic’s Claude Code tool in an attempt to infiltrate about 30 global targets — primarily targeting large technology companies, government agencies and financial institutions.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
