Main Vulnerability Database Vulnerabilities #VU112642

#VU112642 Protection Mechanism Failure in Git - CVE-2025-27613

Published: July 9, 2025

Vulnerability identifier: #VU112642

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-27613

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Git

Software vendor:
Git

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in Gitk when cloning an untrusted repository and executing Gitk without additional command arguments. A remote attacker can abuse such behavior and overwrite or truncate any files on the system.

Successful exploitation of the vulnerability requires that the "Support per-file encoding" option is enabled.

Remediation

Install updates from vendor's website.

External links

https://www.openwall.com/lists/oss-security/2025/07/08/4
https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/

#VU112642 Protection Mechanism Failure in Git - CVE-2025-27613

Description

Remediation

External links

Please verify you're human