GitHub

A critical vulnerability in Git CLI enables arbitrary file writes on Linux and macOS systems, allowing attackers to achieve remote code execution through maliciously crafted repositories when users execute `git clone --recursive` commands. This vulnerability, assigned a CVSS severity score of 8.1/10, exploits a flaw in Git's handling of configuration values and carriage return characters. Public proof-of-concept exploits are available, and urgent remediation is required across development environments.

Source: https://cybersecuritynews.com/cli-arbitrary-file-write-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/github

"id": "git817071625",
"linkid": "github",
"type": "Vulnerability",
"date": "7/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Software Development',
                        'name': 'Git CLI Users',
                        'type': 'Software Users'}],
 'attack_vector': 'Malicious repositories via git clone --recursive commands',
 'data_breach': {'data_exfiltration': 'Potential exfiltration of intellectual '
                                      'property and proprietary source code'},
 'description': 'A critical vulnerability in Git CLI enables arbitrary file '
                'writes on Linux and macOS systems, with working '
                'proof-of-concept exploits now publicly available.',
 'impact': {'systems_affected': ['Linux', 'macOS']},
 'initial_access_broker': {'entry_point': 'Malicious repositories'},
 'lessons_learned': 'Ensure timely updates to software, monitor for suspicious '
                    'git operations, and audit repository contents before '
                    'cloning.',
 'motivation': 'Remote Code Execution, Data Exfiltration',
 'post_incident_analysis': {'corrective_actions': 'Upgrade to patched Git '
                                                  'versions, monitor for '
                                                  'suspicious git clone '
                                                  '--recursive executions, '
                                                  'audit repository contents '
                                                  'before cloning',
                            'root_causes': 'Mismatch in Git’s handling of '
                                           'configuration values and control '
                                           'characters'},
 'recommendations': 'Upgrade to patched Git versions, monitor for suspicious '
                    'git clone --recursive executions, audit .gitmodules file '
                    'contents before cloning untrusted repositories.',
 'references': [{'source': 'Security Researcher Matt Muir'},
                {'source': 'DataDog researchers'}],
 'response': {'containment_measures': ['Upgrade to patched Git versions',
                                       'Avoid using GitHub Desktop for macOS '
                                       'until patched'],
              'enhanced_monitoring': ['Monitoring for suspicious git clone '
                                      '--recursive executions'],
              'remediation_measures': ['Upgrade to patched Git versions',
                                       'Monitoring for suspicious git clone '
                                       '--recursive executions']},
 'title': 'Git CLI Arbitrary File Write Vulnerability',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-48384'}