CVE-2025-53107: 
JavaScript vulnerability analysis and mitigation

@cyanheads/git-mcp-server, prior to version 2.1.5, contained a command injection vulnerability (CVE-2025-53107) discovered in June 2025. The vulnerability existed in the MCP server designed to interact with Git repositories, where unsanitized input parameters within child_process.exec calls could enable arbitrary system command injection. The affected component was the server's Git operation tooling system (GitHub Advisory).

The vulnerability stemmed from the server's construction and execution of shell commands using unvalidated user input directly within command-line strings. The issue was present in multiple Git operation tools where input parameters were passed directly to child_process.exec without proper sanitization. This allowed for shell metacharacter injection using characters like |, >, &&, enabling attackers to inject additional commands. The vulnerability received a CVSS v3.1 score of 7.5 (High) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (GitHub Advisory, NVD).

Successful exploitation of this vulnerability could lead to remote code execution under the server process's privileges. An attacker could execute arbitrary system commands through various Git operations, potentially compromising the system hosting the MCP server. The vulnerability was particularly concerning as it could be triggered through indirect prompt injection, such as when reading git logs (GitHub Advisory).

The vulnerability was patched in version 2.1.5 by replacing all instances of childprocess.exec with childprocess.execFile. This change ensures that user-provided input is treated as arguments rather than being executed as part of a shell command. Users are advised to upgrade to version 2.1.5 or later to mitigate the risk (GitHub Commit, GitHub Release).

The vulnerability was responsibly disclosed by security researcher @dellalibera, leading to a coordinated response from the project maintainers. The discovery highlighted the ongoing concerns about command injection vulnerabilities in developer tools and the importance of proper input sanitization (GitHub Advisory).