PT-2026-24430 · Unknown · Git For Windows
Published: 2026-03-10 · Updated: 2026-03-20 · CVE-2025-66413
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Git for Windows versions prior to 2.53.0(2)
Description
Git for Windows is susceptible to a security issue where a user's NTLM hash can be obtained by deceiving them into cloning from a malicious server. Because NTLM hashing is considered weak, an attacker could potentially brute-force a user's account name and password.
Recommendations
Update to version 2.53.0(2) or later.
Improper Restriction of Excessive Authentication Attempts
Information Disclosure
Affected Products
Git For Windows