CVE-2025-46835
📋 TL;DR
Git GUI contains a path traversal vulnerability that allows attackers to create or overwrite files with user permissions when cloning untrusted repositories. Users who edit files in maliciously named directories are affected. This impacts developers and system administrators using Git GUI for source control.
💻 Affected Systems
- Git GUI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary file write leading to remote code execution, privilege escalation, or data destruction if critical system files are overwritten.
Likely Case
Local file corruption, configuration file modification, or creation of malicious scripts in user-writable directories.
If Mitigated
Limited to user's own files and directories with write permissions, preventing system-wide compromise.
🎯 Exploit Status
Exploitation requires social engineering to trick users into cloning malicious repositories and editing specific files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1
Vendor Advisory: https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg
Restart Required: No
Instructions:
1. Check the current Git version with 'git --version'.
2. Update Git using your package manager (apt, yum, brew, etc.) or download it from git-scm.com.
3. Verify the update with 'git --version'.
🔧 Temporary Workarounds
Avoid editing files in untrusted repositories
Do not edit files when working with repositories from untrusted sources.
Use command-line Git instead
Use the Git command-line interface, which is not affected by this GUI-specific vulnerability.
🧯 If You Can't Patch
- Restrict Git GUI usage to trusted repositories only
- Implement user awareness training about risks of untrusted repositories
🔍 How to Verify
Check if Vulnerable:
Check the Git version with 'git --version' and compare it against the vulnerable versions listed in the advisory.
Check Version:
git --version
Verify Fix Applied:
Confirm Git version is 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1 using 'git --version'.
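Added example, not part of the advisory or the git-gui project: a POSIX shell function that parses the output of 'git --version' and compares it, per 2.x series, against the patched releases listed above. Treating series newer than 2.50 as carrying the fix, and older series with no listed patch release as unpatched, is an assumption of this script.

```shell
#!/bin/sh
# Patched git releases named in the advisory, one per maintained 2.x series.
FIXED_VERSIONS="2.43.7 2.44.4 2.45.4 2.46.4 2.47.3 2.48.2 2.49.1 2.50.1"

# git_gui_status VERSION
# Classifies a version string as printed by `git --version` (the "git version "
# prefix and vendor suffixes such as ".windows.1" or "-rc0" are tolerated).
# Prints fixed / vulnerable / unknown and returns 0 / 1 / 2 respectively.
git_gui_status() {
  v=${1#git version }
  major=${v%%.*}
  rest=${v#*.}
  minor=${rest%%.*}
  case "$rest" in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
  patch=${patch%%[!0-9]*}          # "4.windows.1" -> "4", "0-rc0" -> "0"
  [ -z "$patch" ] && patch=0
  # Anything that is not a plain 2.x.y number is outside the advisory's scope.
  case "$major$minor" in *[!0-9]*|"") echo unknown; return 2 ;; esac
  [ "$major" -eq 2 ] || { echo unknown; return 2; }
  for f in $FIXED_VERSIONS; do
    fminor=${f#2.}; fminor=${fminor%%.*}
    fpatch=${f##*.}
    if [ "$minor" -eq "$fminor" ]; then
      # Same series: the fix is present at the listed patch level or any later one.
      if [ "$patch" -ge "$fpatch" ]; then echo fixed; return 0; fi
      echo vulnerable; return 1
    fi
  done
  # Assumption: series newer than 2.50 were cut after the fix landed and carry
  # it; older series (2.42 and earlier) have no patched release in the advisory.
  if [ "$minor" -gt 50 ]; then echo fixed; return 0; fi
  echo vulnerable; return 1
}

# Usage: run the check against the locally installed git, if any.
if command -v git >/dev/null 2>&1; then
  git_gui_status "$(git --version)" || echo "(exit status $?)"
fi
```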
📡 Detection & Monitoring
Log Indicators:
- Unusual file creation/modification patterns in user directories after Git GUI usage
Network Indicators:
- Cloning from unknown or suspicious repository URLs
SIEM Query:
Process execution logs showing git-gui.exe (or the equivalent git-gui process on other platforms) followed by file write operations to unexpected locations.
🔗 References
- https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da
- https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg
- http://www.openwall.com/lists/oss-security/2025/07/08/4
- https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html