PT-2025-28863 · Git +9

Avih · Published 2025-01-01 · Updated 2025-08-12 · CVE-2025-27614

CVSS v3.1: 8.6
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Gitk versions 2.41.0 through 2.43.6

Git versions 2.50.1-alt1

**Description:**

Gitk, a Tcl/Tk-based Git history browser, contains a flaw that lets a crafted Git repository trick a user into executing arbitrary scripts with that user's privileges via the `gitk filename` command. The flaw stems from a lack of sanitization of special elements. Exploitation requires social engineering: the victim must be persuaded to open the attacker-controlled repository with gitk.

**Recommendations:**

Update Gitk to version 2.43.7 or later.

Update Git to version 2.50.1-alt1.
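The recommendation above is a version-range condition, so a defender's first step on a fleet is to compare the installed Gitk/Git version against the range in this advisory. The script below is an added illustration, not part of the advisory or of the Git project; it encodes the Gitk range stated above (2.41.0 through 2.43.6 affected, 2.43.7 and later fixed) and parses version strings in the form printed by `git --version` (the exact output format of your build, and the presence of distribution suffixes such as `-alt1`, are assumptions).

```python
import re
import subprocess

# Affected range taken from advisory PT-2025-28863 (CVE-2025-27614):
# Gitk 2.41.0 through 2.43.6 inclusive; fixed in Gitk 2.43.7 and later.
AFFECTED_MIN = (2, 41, 0)
FIXED_IN = (2, 43, 7)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as
    'git version 2.43.6' or '2.50.1-alt1' (constructed samples).
    Distribution suffixes like '-alt1' are ignored; the upstream
    numeric version is what the advisory range refers to."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text):
    """True when the version lies inside the advisory's affected range."""
    version = parse_version(text)
    return AFFECTED_MIN <= version < FIXED_IN


def installed_git_version():
    """Ask the local git binary for its version string.
    Assumes 'git --version' prints 'git version X.Y.Z...'."""
    out = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.strip()


if __name__ == "__main__":
    try:
        banner = installed_git_version()
    except (OSError, subprocess.CalledProcessError) as exc:
        raise SystemExit(f"could not query git: {exc}")
    state = "AFFECTED" if is_affected(banner) else "not in affected range"
    print(f"{banner}: {state} (advisory PT-2025-28863 / CVE-2025-27614)")
```

The upstream version number is not authoritative on distributions that backport fixes without bumping it; on Red Hat, AlmaLinux, Ubuntu and ALT Linux hosts, confirm against the vendor advisory listed under Related Identifiers (RHSA-2025_11462, USN-7626-1, ALT-PU-2025-9640, and so on) rather than relying on this check alone.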

**Status:** Fix

**Vulnerability Type:** RCE, OS Command Injection

**Related Identifiers:**

ALSA-2025:11462
ALSA-2025:11533
ALSA-2025:11534
ALT-PU-2025-9640
BDU:2025-09363
CESA-2025_11534
CVE-2025-27614
GHSA-G4V5-FJV9-MHHC
OPENSUSE-SU-2025:15337-1
RHSA-2025_11462
RHSA-2025_11534
USN-7626-1
USN-7626-2
USN-7626-3

**Affected Products:**

Alt Linux
Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu
Git