Cyata researchers have disclosed three critical security vulnerabilities in Anthropic's mcp-server-git, according to PANews. These vulnerabilities, identified as CVE-2025-68143/44/45, could be exploited for path traversal and parameter injection, potentially leading to remote code execution. Attackers could weaponize these flaws through prompt injection, requiring only control over the AI assistant to read malicious content to trigger an attack. The vulnerabilities were addressed in the September and December 2025 updates, with the removal of the git_init tool and enhanced path validation. Users are advised to update to the latest version promptly.