{"vulnerability": "cve-2025-6814", "sightings": [{"uuid": "9e72085f-c2e1-4d6f-a3fe-351c33187f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6814", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lt4pvzq6ll2v", "content": "", "creation_timestamp": "2025-07-04T07:30:31.096314Z"}, {"uuid": "43f12ee6-ca88-4cba-8471-1cdfe91b966f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68145", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ma7ypd6bo52c", "content": "", "creation_timestamp": "2025-12-18T01:13:20.217888Z"}, {"uuid": "32edadf2-3fc4-4dbe-8fb7-fe4c9ae20194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ma7z2vaucw2y", "content": "", "creation_timestamp": "2025-12-18T01:19:49.051430Z"}, {"uuid": "03f74b7b-1e54-4acd-9ceb-b5d6c681146c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68144", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ma7z7entah2c", "content": "", "creation_timestamp": "2025-12-18T01:22:18.667725Z"}, {"uuid": "66eba2de-4f76-43a6-8ee9-d28431f852df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "https://bsky.app/profile/cryptonews-poster.bsky.social/post/3mcvks7wnai24", "content": "", "creation_timestamp": "2026-01-21T01:53:22.663955Z"}, {"uuid": "23b751e8-df91-4a5d-a656-5683e38bcc42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68144", "type": "seen", "source": "https://bsky.app/profile/cryptonews-poster.bsky.social/post/3mcvks7wnai24", "content": "", "creation_timestamp": "2026-01-21T01:53:22.739699Z"}, {"uuid": "d5edb1b1-58d9-4391-95f6-7c7464d55bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68145", "type": "seen", "source": "https://bsky.app/profile/cryptonews-poster.bsky.social/post/3mcvks7wnai24", "content": "", "creation_timestamp": "2026-01-21T01:53:22.852097Z"}, {"uuid": "608ef856-877a-43f0-98db-21f4307bc4f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "https://bsky.app/profile/cryptovkanews.bsky.social/post/3mcvkter5ov2o", "content": "", "creation_timestamp": "2026-01-21T01:54:01.670603Z"}, {"uuid": "abc7ff93-d071-492e-8d8f-d2b57ce8ae8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68144", "type": "seen", "source": "https://bsky.app/profile/cryptovkanews.bsky.social/post/3mcvkter5ov2o", "content": "", "creation_timestamp": "2026-01-21T01:54:01.770556Z"}, {"uuid": "b5957ef2-deb2-4f82-9bfc-22b2691bf4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68145", "type": "seen", "source": "https://bsky.app/profile/cryptovkanews.bsky.social/post/3mcvkter5ov2o", "content": "", "creation_timestamp": "2026-01-21T01:54:01.866258Z"}, {"uuid": "250bf23a-1ba1-48fc-81f1-2ea304e87e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "https://bsky.app/profile/cryptovka-news.bsky.social/post/3mcvkua2mmp22", "content": "", "creation_timestamp": "2026-01-21T01:54:30.263491Z"}, {"uuid": "fe5f94ed-5a85-47c4-a251-e37c953d821a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68145", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mcvrz5dlye2z", "content": "", "creation_timestamp": "2026-01-21T04:02:32.147683Z"}, {"uuid": "b391c1d0-2674-411f-a265-9e08768883da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mcvrz5dlye2z", "content": "", "creation_timestamp": "2026-01-21T04:02:32.249141Z"}, {"uuid": "da83b570-1a0d-4d69-a38c-13ae32c4ba90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68144", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mcvrz5dlye2z", "content": "", "creation_timestamp": "2026-01-21T04:02:32.326399Z"}, {"uuid": "d9b963b9-0453-48a9-9e17-9c9636bccd6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68141", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mcxlwe45qg2t", "content": "", "creation_timestamp": "2026-01-21T21:18:54.517235Z"}, {"uuid": "20d24d1c-3bf3-454a-9dad-30e4e8fdf59f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68140", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mcxmrwxuqp2c", "content": "", "creation_timestamp": "2026-01-21T21:34:20.187528Z"}, {"uuid": "372b139a-322f-4bcc-b92a-f86ab6ee3ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68147", "type": "published-proof-of-concept", "source": "Telegram/LegeDtMxRTlSxU-E4vRWPyR6r8eVZBSkTQd0bvp4AR24yPQ", "content": "", "creation_timestamp": "2025-12-17T21:00:04.000000Z"}, {"uuid": "2e728064-94b0-42ba-9814-76f1fd1d0a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68145", "type": "seen", "source": "Telegram/ylyKsnGn7IUGtPSj_SQJxYkLCLx52u0woajEqQVy7zzhnhE", "content": "", "creation_timestamp": "2026-04-14T17:27:59.000000Z"}, {"uuid": "e14a0d0b-701b-46c0-a976-9b3a6c11482d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68145", "type": "seen", "source": "Telegram/X69Hoh6_4i7djUBejuAQijXCf66Jnc_uFnYRKez2YtZF33U", "content": "", "creation_timestamp": "2026-04-14T17:27:49.000000Z"}, {"uuid": "85f0370b-65f9-4233-b059-07be242f5951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68144", "type": "seen", "source": "Telegram/X69Hoh6_4i7djUBejuAQijXCf66Jnc_uFnYRKez2YtZF33U", "content": "", "creation_timestamp": "2026-04-14T17:27:49.000000Z"}, {"uuid": "b2739ee6-4736-4a14-aefa-351fe09985b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "Telegram/X69Hoh6_4i7djUBejuAQijXCf66Jnc_uFnYRKez2YtZF33U", "content": "", "creation_timestamp": "2026-04-14T17:27:49.000000Z"}, {"uuid": "6c93062f-a130-47b8-a9e2-3105934f3461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-68142", "type": "published-proof-of-concept", "source": "https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq", "content": "", "creation_timestamp": "2025-12-15T22:07:58.000000Z"}, {"uuid": "0bd614b0-a89d-4c10-b9c3-5fc3fbb9bf28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-68146", "type": "published-proof-of-concept", "source": "https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f", "content": "", "creation_timestamp": "2025-12-15T23:55:35.000000Z"}, {"uuid": "d7040f4f-270c-4b60-90cf-6af0d6094c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68143", "type": "seen", "source": "https://t.me/codeby_sec/10171", "content": "43% MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f\u043c \u043a\u043e\u043c\u0430\u043d\u0434. \u0410 \u0432\u0430\u0448 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u043b \u0435\u0449\u0451 \u043e\u0434\u0438\u043d\n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043f\u043e\u043b\u0433\u043e\u0434\u0430 MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0441\u0442\u0430\u043b\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u044c\u044e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432. Cursor, Claude Desktop, \u043a\u0430\u0441\u0442\u043e\u043c\u043d\u044b\u0435 \u043f\u0440\u043e\u043a\u0441\u0438 \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c API \u2014 \u0432\u0441\u0451 \u044d\u0442\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0437\u0430 \u043c\u0438\u043d\u0443\u0442\u0443 \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u043c \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0445\u043e\u0441\u0442\u0430. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u044d\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u043e\u0447\u0442\u0438 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0442 security review.\n\n\ud83d\udd0d \u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Equixly, \u043a\u0430\u0440\u0442\u0438\u043d\u0430 \u0442\u0430\u043a\u0430\u044f: 43% \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 command injection, 30% \u2014 SSRF, 22% \u2014 path traversal. \u0418 \u044d\u0442\u043e \u043d\u0435 \u044d\u043a\u0437\u043e\u0442\u0438\u043a\u0430 \u2014 \u044d\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0441\u0442\u0430\u0432\u044f\u0442 \u0434\u043e\u0431\u0440\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043a\u0430\u0436\u0434\u044b\u0439 \u0434\u0435\u043d\u044c.\n\n\u041f\u043e\u0447\u0435\u043c\u0443 \u044d\u0442\u043e \u043e\u043f\u0430\u0441\u043d\u043e? MCP-\u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u043e \u0441\u0443\u0442\u0438 \u2014 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 API \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a shell-\u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c. \u0421\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 OAuth 2.0, \u043d\u043e \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u043e\u043e\u0431\u0449\u0435. \u0412\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u2014 \u043d\u0430 \u0441\u043e\u0432\u0435\u0441\u0442\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430. \u0410 \u0433\u043b\u0430\u0432\u043d\u043e\u0435: MCP-\u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u043d\u043e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e, \u043c\u0438\u043d\u0443\u044f LLM. \u041a\u0442\u043e \u0434\u043e\u0431\u0440\u0430\u043b\u0441\u044f \u0434\u043e \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430 \u2014 \u0448\u043b\u0451\u0442 JSON-RPC-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f.\n\n\u26a1 \u0421\u0432\u0435\u0436\u0438\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u2014 \u0442\u0440\u0438 CVE \u0432 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c mcp-server-git. \u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 (CVE-2025-68143) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 git_init \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u043b\u044e\u0431\u0443\u044e \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e \u0432 git-\u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439, \u0430 \u0437\u0430\u0442\u0435\u043c \u0447\u0438\u0442\u0430\u0442\u044c \u0438\u0437 \u043d\u0435\u0451 \u0444\u0430\u0439\u043b\u044b \u0447\u0435\u0440\u0435\u0437 git show. \u0420\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0442 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432? \u041f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0438\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0438\u0437 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u044b. \u0414\u0440\u0443\u0433\u0430\u044f (CVE-2025-68144) \u2014 argument injection: \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b git_diff \u0438 git_checkout \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0432 CLI \u0431\u0435\u0437 \u0441\u0430\u043d\u0438\u0442\u0438\u0437\u0430\u0446\u0438\u0438. \u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0432\u0440\u043e\u0434\u0435 --output=/etc/passwd \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u043a\u0430\u043a \u043e\u043f\u0446\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438.\n\n\u041a\u0430\u0436\u0434\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u2014 CVSS 6.3\u20136.5, \u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c. \u041d\u043e \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0441 prompt injection \u0438\u043c\u043f\u0430\u043a\u0442 \u0432\u043e\u0437\u0440\u0430\u0441\u0442\u0430\u0435\u0442 \u043a\u0440\u0430\u0442\u043d\u043e: \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u0432 README \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 LLM \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442, \u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0436\u043c\u0451\u0442 \u00ab\u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c\u00bb \u043d\u0430 \u0430\u0432\u0442\u043e\u043f\u0438\u043b\u043e\u0442\u0435 \u2014 \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u0440\u0430\u0437 \u0432 \u0434\u0435\u043d\u044c.\n\n\ud83c\udfaf \u0421 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f kill chain MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0441\u0440\u0430\u0437\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u044d\u0442\u0430\u043f\u043e\u0432:\n\n\u2022 Initial Access \u2014 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043d\u0430 Streamable HTTP \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438\n\u2022 Execution \u2014 command injection \u0447\u0435\u0440\u0435\u0437 tool-\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b\n\u2022 Credential Access \u2014 \u0447\u0442\u0435\u043d\u0438\u0435 .env, SSH-\u043a\u043b\u044e\u0447\u0435\u0439, API-\u0442\u043e\u043a\u0435\u043d\u043e\u0432\n\u2022 Collection \u2014 path traversal \u043a \u0438\u0441\u0445\u043e\u0434\u043d\u0438\u043a\u0430\u043c \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0430\u043c CI/CD\n\n\u0421\u0430\u043c\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u043d\u044b\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u2014 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043f\u0435\u043d\u0442\u0435\u0441\u0442 \u0438\u043b\u0438 red team \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u041c\u0430\u0448\u0438\u043d\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u0441 MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u2014 \u044d\u0442\u043e \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0442\u043e\u0447\u043a\u0430 \u0432\u0445\u043e\u0434\u0430, \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a \u043a\u0440\u0435\u0434\u0435\u043d\u0448\u0430\u043b\u043e\u0432 \u0438 \u043f\u043b\u0430\u0446\u0434\u0430\u0440\u043c \u0434\u043b\u044f lateral movement.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0441 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c\u0438 PoC, \u0446\u0435\u043f\u043e\u0447\u043a\u0430\u043c\u0438 \u0430\u0442\u0430\u043a \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u2014 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u043d\u0430 \u0444\u043e\u0440\u0443\u043c\u0435.\n\nhttps://codeby.net/threads/uyazvimosti-mcp-serverov-rce-ssrf-i-in-yektsii-cherez-odin-post-zapros.93746/", "creation_timestamp": "2026-06-04T15:02:10.000000Z"}, {"uuid": "e6450f76-e74c-473a-929d-97d620f6a46b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-68144", "type": "published-proof-of-concept", "source": "https://t.me/codeby_sec/10171", "content": "43% MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f\u043c \u043a\u043e\u043c\u0430\u043d\u0434. \u0410 \u0432\u0430\u0448 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u043b \u0435\u0449\u0451 \u043e\u0434\u0438\u043d\n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043f\u043e\u043b\u0433\u043e\u0434\u0430 MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0441\u0442\u0430\u043b\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u044c\u044e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432. Cursor, Claude Desktop, \u043a\u0430\u0441\u0442\u043e\u043c\u043d\u044b\u0435 \u043f\u0440\u043e\u043a\u0441\u0438 \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c API \u2014 \u0432\u0441\u0451 \u044d\u0442\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0437\u0430 \u043c\u0438\u043d\u0443\u0442\u0443 \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u043c \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0445\u043e\u0441\u0442\u0430. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u044d\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043f\u043e\u0447\u0442\u0438 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0442 security review.\n\n\ud83d\udd0d \u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Equixly, \u043a\u0430\u0440\u0442\u0438\u043d\u0430 \u0442\u0430\u043a\u0430\u044f: 43% \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 command injection, 30% \u2014 SSRF, 22% \u2014 path traversal. \u0418 \u044d\u0442\u043e \u043d\u0435 \u044d\u043a\u0437\u043e\u0442\u0438\u043a\u0430 \u2014 \u044d\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0441\u0442\u0430\u0432\u044f\u0442 \u0434\u043e\u0431\u0440\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043a\u0430\u0436\u0434\u044b\u0439 \u0434\u0435\u043d\u044c.\n\n\u041f\u043e\u0447\u0435\u043c\u0443 \u044d\u0442\u043e \u043e\u043f\u0430\u0441\u043d\u043e? MCP-\u0441\u0435\u0440\u0432\u0435\u0440 \u043f\u043e \u0441\u0443\u0442\u0438 \u2014 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 API \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a shell-\u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c. \u0421\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 OAuth 2.0, \u043d\u043e \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u043e\u043e\u0431\u0449\u0435. \u0412\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u2014 \u043d\u0430 \u0441\u043e\u0432\u0435\u0441\u0442\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430. \u0410 \u0433\u043b\u0430\u0432\u043d\u043e\u0435: MCP-\u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u043d\u043e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e, \u043c\u0438\u043d\u0443\u044f LLM. \u041a\u0442\u043e \u0434\u043e\u0431\u0440\u0430\u043b\u0441\u044f \u0434\u043e \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430 \u2014 \u0448\u043b\u0451\u0442 JSON-RPC-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f.\n\n\u26a1 \u0421\u0432\u0435\u0436\u0438\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u2014 \u0442\u0440\u0438 CVE \u0432 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c mcp-server-git. \u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 (CVE-2025-68143) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 git_init \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u043b\u044e\u0431\u0443\u044e \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e \u0432 git-\u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439, \u0430 \u0437\u0430\u0442\u0435\u043c \u0447\u0438\u0442\u0430\u0442\u044c \u0438\u0437 \u043d\u0435\u0451 \u0444\u0430\u0439\u043b\u044b \u0447\u0435\u0440\u0435\u0437 git show. \u0420\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0442 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432? \u041f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0438\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0438\u0437 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u044b. \u0414\u0440\u0443\u0433\u0430\u044f (CVE-2025-68144) \u2014 argument injection: \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b git_diff \u0438 git_checkout \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0432 CLI \u0431\u0435\u0437 \u0441\u0430\u043d\u0438\u0442\u0438\u0437\u0430\u0446\u0438\u0438. \u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0432\u0440\u043e\u0434\u0435 --output=/etc/passwd \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u043a\u0430\u043a \u043e\u043f\u0446\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438.\n\n\u041a\u0430\u0436\u0434\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u2014 CVSS 6.3\u20136.5, \u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c. \u041d\u043e \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0441 prompt injection \u0438\u043c\u043f\u0430\u043a\u0442 \u0432\u043e\u0437\u0440\u0430\u0441\u0442\u0430\u0435\u0442 \u043a\u0440\u0430\u0442\u043d\u043e: \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u0432 README \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 LLM \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442, \u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0436\u043c\u0451\u0442 \u00ab\u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c\u00bb \u043d\u0430 \u0430\u0432\u0442\u043e\u043f\u0438\u043b\u043e\u0442\u0435 \u2014 \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u0440\u0430\u0437 \u0432 \u0434\u0435\u043d\u044c.\n\n\ud83c\udfaf \u0421 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f kill chain MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0441\u0440\u0430\u0437\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u044d\u0442\u0430\u043f\u043e\u0432:\n\n\u2022 Initial Access \u2014 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043d\u0430 Streamable HTTP \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438\n\u2022 Execution \u2014 command injection \u0447\u0435\u0440\u0435\u0437 tool-\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b\n\u2022 Credential Access \u2014 \u0447\u0442\u0435\u043d\u0438\u0435 .env, SSH-\u043a\u043b\u044e\u0447\u0435\u0439, API-\u0442\u043e\u043a\u0435\u043d\u043e\u0432\n\u2022 Collection \u2014 path traversal \u043a \u0438\u0441\u0445\u043e\u0434\u043d\u0438\u043a\u0430\u043c \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0430\u043c CI/CD\n\n\u0421\u0430\u043c\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u043d\u044b\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u2014 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043f\u0435\u043d\u0442\u0435\u0441\u0442 \u0438\u043b\u0438 red team \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u041c\u0430\u0448\u0438\u043d\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u0441 MCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u2014 \u044d\u0442\u043e \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0442\u043e\u0447\u043a\u0430 \u0432\u0445\u043e\u0434\u0430, \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a \u043a\u0440\u0435\u0434\u0435\u043d\u0448\u0430\u043b\u043e\u0432 \u0438 \u043f\u043b\u0430\u0446\u0434\u0430\u0440\u043c \u0434\u043b\u044f lateral movement.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0441 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c\u0438 PoC, \u0446\u0435\u043f\u043e\u0447\u043a\u0430\u043c\u0438 \u0430\u0442\u0430\u043a \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u2014 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u043d\u0430 \u0444\u043e\u0440\u0443\u043c\u0435.\n\nhttps://codeby.net/threads/uyazvimosti-mcp-serverov-rce-ssrf-i-in-yektsii-cherez-odin-post-zapros.93746/", "creation_timestamp": "2026-06-04T15:02:10.000000Z"}]}