PT-2025-28863 · Git+11

Avih · Published 2025-01-01 · Updated 2025-10-09

CVE-2025-27614
CVSS v3.1: 8.6 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gitk versions 2.41.0 through 2.43.6
Git (ALT Linux package) versions before 2.50.1-alt1

Description
Gitk, the Tcl/Tk based Git history browser that ships with Git, does not sanitize special elements in a file name passed to it on the command line. A Git repository can be crafted so that a user who has cloned it and runs gitk <filename> on an attacker-chosen file name ends up executing a script supplied by the attacker, with that user's privileges. Exploitation requires social engineering: the victim has to be persuaded to clone the repository and to invoke gitk with the crafted file name.

Recommendations
Update Gitk to version 2.43.7 or later (on ALT Linux, update the Git package to 2.50.1-alt1). Until the update is in place, do not run gitk with file-name arguments taken from untrusted repositories.
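The following Tcl script is an added illustration and is not code from gitk, from Git, or from this advisory. The page states only that special elements in the file name are not sanitized; the example assumes, without confirmation from the page, that the relevant element is Tcl's pipeline prefix, since Tcl's open command treats a first argument beginning with "|" as a command to run rather than a file to read. It shows the unsafe pattern of passing an untrusted name straight to open beside a hardened version that rejects pipeline syntax and pins the path under the repository root. The demo-repo directory, the marker file and the read_file_* procedure names are constructed for the demonstration; it needs tclsh on a POSIX system with touch available.

```tcl
#!/usr/bin/env tclsh
# Added illustration, not gitk's code. Assumption: the unsanitized special
# element is Tcl's pipeline prefix. [open "|cmd" r] spawns cmd and returns
# a channel reading its stdout instead of opening a file named "|cmd".

# Vulnerable pattern: an attacker-controlled name goes straight to [open].
proc read_file_unsafe {filename} {
    set fh [open $filename r]        ;# a name like "|cmd" executes cmd here
    set data [read $fh]
    close $fh
    return $data
}

# Hardened pattern: reject pipeline syntax and make sure [open] only ever
# receives a plain, absolute path that lies inside the repository.
proc read_file_safe {repo_root filename} {
    if {[string index $filename 0] eq "|"} {
        error "refusing file name that Tcl would treat as a pipeline: $filename"
    }
    set root [file normalize $repo_root]
    set path [file normalize [file join $root $filename]]
    # [file join] lets an absolute second argument replace the root, so the
    # normalized result must still be checked against the repository prefix.
    if {![string equal -length [string length "$root/"] "$root/" $path]} {
        error "refusing path outside repository: $filename"
    }
    set fh [open $path r]
    set data [read $fh]
    close $fh
    return $data
}

# Demonstration with a constructed file name. The embedded command only
# creates a marker file; it stands in for an attacker-supplied script.
set repo [file join [pwd] demo-repo]
file mkdir $repo
set marker [file join $repo pwned]
set evil "|touch $marker"

catch {read_file_unsafe $evil}
puts "unsafe: marker created = [file exists $marker]"   ;# 1: the command ran

file delete -force $marker
if {[catch {read_file_safe $repo $evil} err]} {
    puts "safe:   $err"
}
puts "safe:   marker created = [file exists $marker]"   ;# 0: name was rejected
```

Run it as tclsh demo.tcl from a scratch directory. The unsafe procedure creates demo-repo/pwned even though the caller only asked to read a file; the hardened procedure raises an error before open is reached. The prefix check after file join matters on its own: without it, a name such as /etc/passwd would be accepted because file join discards the root when the second argument is absolute.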

Tags: Exploit · Fix · RCE · DoS · OS Command Injection


Weakness Enumeration

Related Identifiers

ALSA-2025:11462
ALSA-2025:11533
ALSA-2025:11534
ALT-PU-2025-10893
ALT-PU-2025-9420
ALT-PU-2025-9640
AZL-65079
BDU:2025-09363
CESA-2025_11534
CVE-2025-27614
ECHO-4EFE-E848-A641
GHSA-G4V5-FJV9-MHHC
INFSA-2025_11462
INFSA-2025_11534
OESA-2025-1845
OESA-2025-1846
OESA-2025-1847
OPENSUSE-SU-2025:15337-1
RHSA-2025:11462
RHSA-2025:11533
RHSA-2025:11534
RHSA-2025_11462
RHSA-2025_11534
SUSE-SU-2025:03012-1
SUSE-SU-2025:03037-1
SUSE-SU-2025:20721-1
SUSE-SU-2025:20855-1
SUSE-SU-2025_03012-1
SUSE-SU-2025_03037-1
USN-7626-1
USN-7626-2
USN-7626-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Git