PT-2025-28647 · Git +11

Dgl

Published 2025-07-08 · Updated 2025-10-14 · CVE-2025-48384

CVSS v3.1 8.0
Vector AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Git releases prior to 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 and 2.50.1 (the fixed release of each maintained branch; branches older than 2.43 received no fixed release).
Description Git contains a link following vulnerability caused by inconsistent handling of carriage return (CR) characters in configuration files. When reading a configuration value, Git strips a trailing CR; when writing a value, it does not quote one that ends in CR. A submodule path ending in CR therefore changes between being copied into .git/config during submodule initialization and being read back, so the submodule is checked out into a different location than the one the repository names. If the repository contains a symlink that maps that altered path onto the submodule's hooks directory, and the submodule carries an executable post-checkout hook, the hook runs after checkout. The result is an arbitrary file write that can be turned into remote code execution (RCE) on Unix-like systems when a user clones a repository with malicious submodules (for example with a recursive clone, which initializes and checks out submodules automatically). The vulnerability is actively exploited and a proof-of-concept exploit is available. Lazarus Group is actively exploiting this vulnerability in phishing campaigns targeting the cryptocurrency sector.
Recommendations Update Git to the fixed release of your branch (2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 or 2.50.1) or later; installations on branches older than 2.43 must move to a supported branch. Distribution packages carry the fix as a backport under the vendor advisories listed under Related Identifiers, so on those systems apply the vendor update rather than comparing the upstream version number. Until the update is applied, avoid recursive clones of untrusted repositories, since submodule initialization is the step that triggers the flaw.
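The following is an added example (not Git's own code, and not from the advisory source) that models the read/write mismatch described above, scans a .gitmodules file for the trigger before a recursive clone, and checks a `git --version` string against the fixed releases named in the recommendation. The config writer and reader are simplified models of the behaviour the description gives, not Git's actual parser; the fixed-version table is taken from the upstream advisory; the .gitmodules content is constructed for the demonstration and the hostnames in it are invalid by design.

```python
"""Added example, not Git's own code: a model of the CR read/write mismatch
described above, a scanner for .gitmodules content that carries the trigger,
and a version check against the fixed releases named in the recommendation."""
import re
from typing import Dict, List, Optional, Tuple

# Fixed patch level of each maintained 2.x branch (from the upstream advisory).
FIXED_PATCH = {43: 7, 44: 4, 45: 4, 46: 4, 47: 3, 48: 2, 49: 1, 50: 1}


def is_fixed(version: str) -> bool:
    """True if `git --version` output names a release that contains the fix.
    Branches older than 2.43 received no fixed release (treated as vulnerable);
    anything after 2.50.1 is treated as fixed. Distro packages with backports
    must be checked against their vendor advisory instead."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable git version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if major != 2:
        return major > 2
    if minor < 43:
        return False
    if minor > 50:
        return True
    return patch >= FIXED_PATCH[minor]


# --- Simplified model of the pre-fix config writer and reader (assumption:
# mirrors the behaviour the advisory describes, not Git's actual parser) ---

def write_value_prefix(value: str) -> str:
    """Quote only for leading/trailing space or ';'/'#', escape only LF, TAB,
    quote and backslash: a trailing CR is emitted raw and unquoted."""
    quote = value.startswith(" ") or value.endswith(" ") or any(c in value for c in ";#")
    escaped = "".join(
        "\\n" if c == "\n" else "\\t" if c == "\t" else "\\" + c if c in '"\\' else c
        for c in value
    )
    return f'"{escaped}"' if quote else escaped


def read_value(line: str) -> str:
    """Reader side: everything after '=', with trailing CR/LF and surrounding
    blanks dropped and enclosing quotes removed."""
    _, _, raw = line.partition("=")
    raw = raw.rstrip("\r\n").strip(" \t")
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return raw


def round_trip(value: str) -> str:
    """Value as it comes back after being written to and re-read from config."""
    return read_value("\tpath = " + write_value_prefix(value) + "\n")


# --- Scanner for the trigger in .gitmodules (run before a recursive clone) ---

def parse_gitmodules(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .gitmodules parser that keeps values raw (quotes and CR intact),
    so the scanner sees exactly what is on disk."""
    mods: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.split("\n"):          # split on LF only, so CR survives
        header = re.match(r'^\s*\[submodule\s+"([^"]+)"\]', line)
        if header:
            current = header.group(1)
            mods.setdefault(current, {})
            continue
        kv = re.match(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*)$', line)
        if kv and current is not None:
            mods[current][kv.group(1).lower()] = kv.group(2)
    return mods


def find_suspicious(mods: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(submodule, field, reason) for every value that the read/write mismatch
    would alter: any ASCII control character, CR above all."""
    def has_control(s: str) -> bool:
        return any(ord(c) < 0x20 or ord(c) == 0x7F for c in s)

    findings: List[Tuple[str, str, str]] = []
    for name, kv in mods.items():
        if has_control(name):
            findings.append((name, "name", "control character in submodule name"))
        for field in ("path", "url"):
            if field in kv and has_control(kv[field]):
                findings.append((name, field, "control character in value"))
    return findings


# Constructed sample: one benign entry and one whose quoted path ends in CR.
SAMPLE_GITMODULES = (
    '[submodule "benign"]\n'
    '\tpath = lib/benign\n'
    '\turl = https://example.invalid/benign.git\n'
    '[submodule "evil"]\n'
    '\tpath = "hooks\r"\n'
    '\turl = https://example.invalid/evil.git\n'
)

if __name__ == "__main__":
    print("2.50.0 fixed?", is_fixed("git version 2.50.0"))
    print(repr(round_trip("hooks\r")), "==", repr(round_trip("hooks")))
    for finding in find_suspicious(parse_gitmodules(SAMPLE_GITMODULES)):
        print("suspicious:", finding)
```

The round trip shows the collision at the heart of the flaw: `"hooks\r"` and `"hooks"` come back identical after one write/read cycle, so a path the attacker wrote with a trailing CR ends up checked out under the name without it. The scanner only covers the configuration side; a full pre-clone check would also list symlinks in the fetched tree that point into a submodule's hooks directory, which needs a filesystem and is left out here.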

Fix

RCE

Link Following

Weakness Enumeration

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Related Identifiers

ALSA-2025:11462
ALSA-2025:11533
ALSA-2025:11534
ALT-PU-2025-10893
ALT-PU-2025-9640
BDU:2025-08691
BIT-GIT-2025-48384
CESA-2025_11534
CVE-2025-48384
DLA-4323-1
GHSA-VWQX-4FM8-6QC9
INFSA-2025_11462
INFSA-2025_11534
OESA-2025-1792
OESA-2025-1793
OESA-2025-1844
OESA-2025-1845
OESA-2025-1846
OESA-2025-1847
OPENSUSE-SU-2025:15337-1
RHSA-2025:11462
RHSA-2025:11533
RHSA-2025:11534
RHSA-2025:11686
RHSA-2025:11688
RHSA-2025:11793
RHSA-2025:11794
RHSA-2025:11795
RHSA-2025:11796
RHSA-2025:11800
RHSA-2025:11801
RHSA-2025_11462
RHSA-2025_11534
SUSE-SU-2025:03012-1
SUSE-SU-2025:03022-1
USN-7626-1
USN-7626-2
USN-7626-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Git
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
Ubuntu