PT-2025-29104 · Git Gui · Git Gui

Mark987 · Published 2025-07-08 · Updated 2025-09-22 · CVE-2025-46334

CVSS v3.1: 8.6 High
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Git GUI versions prior to 2.43.7
Git GUI versions 2.43.7 through 2.44.4
Git GUI versions 2.44.4 through 2.45.4
Git GUI versions 2.45.4 through 2.46.4
Git GUI versions 2.46.4 through 2.47.3
Git GUI versions 2.47.3 through 2.48.2
Git GUI versions 2.48.2 through 2.49.1
Git GUI versions 2.49.1 through 2.50.1
Description: Git GUI provides a graphical user interface to the Git source control management tools. A malicious repository can include its own versions of sh.exe or of text conversion filter programs such as astextplain. Due to the design of Tcl on Windows, the search path used to locate executables includes the current directory. These programs are invoked when a user selects Git Bash or Browse Files from the menu.
Recommendations:
Update to Git GUI version 2.43.7 or later.
Update to Git GUI version 2.44.4 or later.
Update to Git GUI version 2.45.4 or later.
Update to Git GUI version 2.46.4 or later.
Update to Git GUI version 2.47.3 or later.
Update to Git GUI version 2.48.2 or later.
Update to Git GUI version 2.49.1 or later.
Update to Git GUI version 2.50.1 or later.
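
A defender-side check for the condition in the description, added here as an example (not code from Git GUI or from this advisory): it scans a checked-out repository for files named like the programs the description mentions. The extension list and the treatment of the work tree root as the current directory are assumptions of this example.

```python
import os
import sys
from pathlib import Path

# Program names taken from the description; extend with other filters you rely on.
WATCHED_NAMES = {"sh", "astextplain"}
# Assumption: extensions Windows commonly treats as executable, plus "no extension".
EXEC_EXTS = {"", ".exe", ".com", ".bat", ".cmd"}


def find_shadowing_files(worktree, names=WATCHED_NAMES, exts=EXEC_EXTS):
    """Return sorted relative paths of files in the work tree whose name matches
    a watched program name (case-insensitive). The .git directory is skipped."""
    root = Path(worktree)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune .git in place so os.walk does not descend into it.
        dirnames[:] = [d for d in dirnames if d.lower() != ".git"]
        for fname in filenames:
            stem, ext = os.path.splitext(fname.lower())
            if stem in names and ext in exts:
                hits.append((Path(dirpath) / fname).relative_to(root).as_posix())
    return sorted(hits)


def at_top_level(hits):
    """Subset of hits directly in the work tree root.
    Assumption: that root is the current directory when the menu items run."""
    return [h for h in hits if "/" not in h]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_shadowing_files(target)
    top = set(at_top_level(found))
    for path in found:
        print(("TOP-LEVEL" if path in top else "nested") + "\t" + path)
    # Non-zero exit lets a wrapper script stop before the repository is opened.
    sys.exit(1 if found else 0)
```

Run it against a fresh clone before opening the repository in an unpatched Git GUI; a hit is a reason to inspect the file, not proof of malice.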

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-08690
CVE-2025-46334
GHSA-7PX4-9HG2-FVHX
OESA-2025-1844
OESA-2025-1845
OESA-2025-1846
OESA-2025-1847
OESA-2025-1848
OESA-2025-1849
OPENSUSE-SU-2025:15337-1
SUSE-SU-2025:20721-1

Affected Products

Git Gui