#VU112637 CRLF injection in Git - CVE-2025-48384
Published: July 9, 2025 / Updated: September 17, 2025
Vulnerability identifier: #VU112637
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2025-48384
CWE-ID: CWE-93
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Git
Git
Software vendor:
Git
Git
Description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.
Remediation
Install updates from vendor's website.