- Anthropic patched bugs in Git MCP that allowed remote code execution via tool chaining
- Cyata discovered CVE; fixed in version 2025.12.18, no exploit reported yet
- Claude was previously manipulated into a cyberespionage campaign targeting major global organizations.
Anthropic, the company behind the popular Claude AI model, has fixed multiple bugs in its MCP Git server that researchers say can be chained with other MCP tools to enable remote code execution (RCE) or file manipulation via fast injection.
The MCP Git Server is Anthropic’s Model Context Protocol service that allows AI tools to read and interact with Git repositories. It is important because it allows AI to understand real code bases or answer coding questions without insecure or unrestricted access.
The bugs were found by Agentic AI security startup Cyata, and are as follows:
Path Validation Bypass Bug (CVE-2025-68145)
Unrestricted git_init issue (CVE-2025-68143)
Argument injection into git_diff (CVE-2025-68144).
Set in December
The researchers said that by chaining the MCP Git server with the MCP Filesystem server, they were able to execute arbitrary code remotely.
“Agent systems break in unexpected ways when multiple components interact. Each MCP server may seem secure in isolation, but combine two of them, Git and Filesystem in this case, and you get a toxic combination,” Cyata said. The Registry.
“As organizations adopt more complex agent systems with multiple tools and integrations, these combinations will multiply.”
Cyata reported the bug last June and Anthropic fixed it in December 2025. The Registry says. Users should ensure they are running version 2025.12.18. So far, there is no evidence that the bugs were being exploited in the wild.
Artificial intelligence promises major disruptions across industries. As such, companies are rushing to implement it, leaving all kinds of vulnerabilities that different cybercriminals can exploit.
In mid-November 2025, Anthropic said that Claude was being used, in an agent capacity, not only as an advisor, but also to execute a cyberattack itself. The company said a highly sophisticated cyber espionage campaign manipulated Anthropic’s Claude Code tool in an attempt to infiltrate approximately 30 global targets, primarily targeting large technology companies, government agencies and financial institutions.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
