PT-2025-28647 · Git +11 · Dgl

Published: 2025-07-08 · Updated: 2025-11-27

CVE-2025-48384

CVSS v3.1: 8.0
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Git versions 2.43.7 through 2.50.1

Description: Git contains a link following vulnerability that stems from inconsistent handling of carriage return characters in configuration files. The flaw allows attackers to execute arbitrary code via malicious repositories, specifically through crafted submodules, and enables arbitrary file writes and remote code execution (RCE) on Unix-like systems. Exploitation is actively occurring, and a proof-of-concept (PoC) is available. The vulnerability affects Git CLI versions 2.50.0 and earlier on macOS and Linux. The root cause is that Git strips carriage return characters when reading config values but does not quote them when writing, so a path can be written one way and read back as a different path; during submodule initialization this leads to altered paths and potential execution of malicious hooks.

Recommendations: Update Git to version 2.50.1 or later.
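As an added defender-side check that is not part of this advisory: a small Python script that scans a .gitmodules-style file for configuration values carrying a carriage return, the character whose inconsistent read/write handling the description above refers to. The parser, the sample content and the "as a CR-stripping reader would see it" model are constructed for illustration and are not git's own code.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample .gitmodules content (not taken from the advisory).
# The second submodule's path carries a carriage return before the newline.
SAMPLE_GITMODULES = (
    '[submodule "libs/clean"]\n'
    '\tpath = libs/clean\n'
    '\turl = https://example.invalid/clean.git\n'
    '[submodule "libs/odd"]\n'
    '\tpath = libs/odd\r\n'
    '\turl = https://example.invalid/odd.git\n'
)

SECTION_RE = re.compile(r'^\[submodule "(?P<name>[^"]+)"\]$')
KV_RE = re.compile(r'^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')


def parse_raw(text: str) -> Dict[str, Dict[str, str]]:
    """Parse submodule sections keeping each value byte-for-byte.

    Deliberately simple illustrative parser: it splits on LF only, so a CR
    that precedes the LF stays inside the value instead of being dropped."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.split('\n'):
        m = SECTION_RE.match(line)
        if m:
            current = m.group('name')
            sections[current] = {}
            continue
        m = KV_RE.match(line)
        if m and current is not None:
            sections[current][m.group('key')] = m.group('value')
    return sections


def find_cr_values(text: str) -> List[Tuple[str, str, str]]:
    """Return (section.key, raw value, value as a CR-stripping reader sees it).

    Assumption for the model: the reader drops a trailing CR. A non-empty
    result means the value written to disk and the value read back differ,
    which is the inconsistency the advisory describes."""
    findings = []
    for name, kvs in parse_raw(text).items():
        for key, value in kvs.items():
            if '\r' in value:
                findings.append((f'{name}.{key}', value, value.rstrip('\r')))
    return findings
```

Run it over a checked-out repository's .gitmodules before running `git submodule update` on untrusted content; any finding is worth a manual look.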

Tags: Fix · RCE · Link Following

Weakness Enumeration

Related Identifiers

ALSA-2025:11462
ALSA-2025:11533
ALSA-2025:11534
ALT-PU-2025-10893
ALT-PU-2025-9420
ALT-PU-2025-9640
BDU:2025-08691
BIT-GIT-2025-48384
CESA-2025_11534
CVE-2025-48384
DLA-4323-1
GHSA-VWQX-4FM8-6QC9
INFSA-2025_11462
INFSA-2025_11534
OESA-2025-1792
OESA-2025-1793
OESA-2025-1844
OESA-2025-1845
OESA-2025-1846
OESA-2025-1847
OPENSUSE-SU-2025:15337-1
RHSA-2025:11462
RHSA-2025:11533
RHSA-2025:11534
RHSA-2025:11686
RHSA-2025:11688
RHSA-2025:11793
RHSA-2025:11794
RHSA-2025:11795
RHSA-2025:11796
RHSA-2025:11800
RHSA-2025:11801
RHSA-2025_11462
RHSA-2025_11534
SUSE-SU-2025:03012-1
SUSE-SU-2025:03022-1
USN-7626-1
USN-7626-2
USN-7626-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Git
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Ubuntu