CVE-2025-27614
📋 TL;DR
CVE-2025-27614 is a command injection vulnerability in Gitk that allows attackers to execute arbitrary scripts on a user's system by tricking them into opening a maliciously crafted Git repository with gitk. It affects users who clone and examine repositories with a vulnerable Gitk version (from 2.41.0 up to, but not including, the patched releases listed below). The vulnerability requires user interaction but can lead to full system compromise.
💻 Affected Systems
- Gitk
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining the same privileges as the user running gitk, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or execution of malicious scripts that steal credentials, install backdoors, or exfiltrate sensitive repository data.
If Mitigated
Limited impact if user runs gitk with minimal privileges and in isolated environments, though script execution would still occur.
🎯 Exploit Status
Exploitation requires social engineering to get the user to clone a malicious repository and run gitk on specific files. Proof-of-concept details are publicly available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, 2.50
Vendor Advisory: https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc
Restart Required: No
Instructions:
1. Update Gitk to one of the patched versions listed above.
2. For package managers: use your system's package manager (apt, yum, brew, etc.) to update gitk.
3. For source installations: download and compile from the official Git repository with the fix commit 8e3070aa5e331be45d4d03e3be41f84494fce129.
🔧 Temporary Workarounds
Avoid gitk filename command
Applies to: all. Do not use gitk with filename arguments on untrusted repositories.
Use gitk only on trusted repositories
Applies to: all. Restrict gitk usage to verified, trusted repositories.
🧯 If You Can't Patch
- Run gitk with minimal user privileges (non-admin/non-root accounts)
- Use alternative Git history browsers like git log or GUI tools from trusted sources
🔍 How to Verify
Check if Vulnerable:
Check the Gitk version with gitk --version and compare it against the affected range: if the version is 2.41.0 or later and lower than the patched release for its maintenance line, the system is vulnerable.
Check Version:
gitk --version
Verify Fix Applied:
After updating, verify version is one of: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50+
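The version comparison described above, as an added example (not part of this page or of the Gitk project): it parses the version string and decides whether it falls inside the affected range, using the patched releases listed on this page. It assumes gitk --version prints a line containing an x.y.z version such as "gitk version 2.43.5", and it treats 2.41.x and 2.42.x as affected because no fixed release is listed for those lines.

```python
import re
import subprocess

# Earliest affected release and, per maintenance line, the first fixed release,
# taken from the advisory text above. 2.50 and later are listed as fixed.
FIRST_AFFECTED = (2, 41, 0)
FIRST_FIXED = {
    43: (2, 43, 7), 44: (2, 44, 4), 45: (2, 45, 4), 46: (2, 46, 4),
    47: (2, 47, 3), 48: (2, 48, 2), 49: (2, 49, 1),
}
FIXED_FROM_MINOR = 50


def parse_version(text):
    """Extract the first x.y[.z] version from `gitk --version` output.
    The output format ('gitk version 2.43.5') is an assumption."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version):
    """True if `version` (a (major, minor, patch) tuple) is in the affected range."""
    major, minor, _ = version
    if version < FIRST_AFFECTED:
        return False            # predates the affected range
    if major > 2 or minor >= FIXED_FROM_MINOR:
        return False            # 2.50+ carries the fix
    fixed = FIRST_FIXED.get(minor)
    if fixed is None:
        return True             # 2.41.x / 2.42.x: no fixed release on this line
    return version < fixed      # older than the first fixed release of its line


def check_installed():
    """Run gitk --version on this host; returns None if gitk is not installed."""
    try:
        out = subprocess.run(["gitk", "--version"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return None
    return is_vulnerable(parse_version(out.stdout + out.stderr))


if __name__ == "__main__":
    result = check_installed()
    print("gitk not found" if result is None else
          ("VULNERABLE: update gitk" if result else "patched version installed"))
```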
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from gitk context
- Script execution with gitk parent process
Network Indicators:
- Gitk process making unexpected network connections
SIEM Query:
process.name:gitk AND process.cmdline:*filename* AND NOT process.cmdline:*--version*