CVE-2025-52480

9.8 CRITICAL

📋 TL;DR

CVE-2025-52480 is an argument injection vulnerability in Registrator.jl's gettreesha() function that allows remote code execution when processing malicious GitHub clone URLs. This affects all users running Registrator versions prior to 1.9.5. The vulnerability has a CVSS score of 9.8, indicating critical severity.

💻 Affected Systems

Products:
  • Registrator.jl
Versions: All versions prior to 1.9.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any deployment where Registrator processes GitHub clone URLs, which is its core functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary code with the privileges of the Registrator process, potentially leading to data theft, system takeover, or lateral movement.

🟠 Likely Case

Attackers exploit this vulnerability to execute commands on the Registrator server, potentially compromising the Julia package registry or using the system as a foothold for further attacks.

🟢 If Mitigated

Limited impact if Registrator runs in a highly restricted container with minimal permissions and network access, though RCE would still be possible within the container.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires a malicious or compromised GitHub repository URL to be processed by Registrator, which could occur through various attack vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.5

Vendor Advisory: https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-w8jv-rg3h-fc68

Restart Required: Yes

Instructions:

1. Stop the Registrator service.
2. Update Registrator to version 1.9.5 using your package manager or by downloading from GitHub.
3. Restart the Registrator service.

🧯 If You Can't Patch

  • Isolate Registrator in a container with minimal privileges and network access
  • Implement strict input validation for GitHub URLs before they reach Registrator
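
One way to implement the URL validation from the second mitigation, as an added Python example (not code from Registrator or its advisory): a strict allow-list filter for a hypothetical front end placed ahead of Registrator. The function names, the github.com-only host list and the https-only rule are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: only https clone URLs on github.com are expected.
ALLOWED_HOSTS = {"github.com"}

# /owner/repo with optional trailing slash; neither segment may start with "-".
_PATH_RE = re.compile(
    r"/([A-Za-z0-9][A-Za-z0-9-]{0,38})"
    r"/([A-Za-z0-9_.][A-Za-z0-9_.-]{0,99})/?"
)


def validate_clone_url(url: str) -> str:
    """Return a normalized https clone URL, or raise ValueError."""
    if not isinstance(url, str) or not url.isascii():
        raise ValueError("URL must be an ASCII string")
    # Whitespace or control characters could split one value into several.
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("whitespace or control character in URL")
    # A leading "-" makes a command-line tool read the value as an option.
    if url.startswith("-"):
        raise ValueError("option-like value")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("scheme must be https")
    # netloc == hostname rules out userinfo and explicit ports.
    if parts.hostname not in ALLOWED_HOSTS or parts.netloc.lower() != parts.hostname:
        raise ValueError("host not allowed")
    if parts.query or parts.fragment:
        raise ValueError("query and fragment are not allowed")
    match = _PATH_RE.fullmatch(parts.path)
    if match is None:
        raise ValueError("path must be /owner/repo")
    owner, repo = match.group(1), match.group(2).removesuffix(".git")
    if repo in {"", ".", ".."}:
        raise ValueError("invalid repository name")
    return f"https://{parts.hostname}/{owner}/{repo}.git"


def is_allowed(url: str) -> bool:
    """Boolean wrapper for use in a request filter."""
    try:
        validate_clone_url(url)
        return True
    except ValueError:
        return False
```

Forward only the normalized return value, never the raw input, and log rejected values for the detection items listed further down.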

🔍 How to Verify

Check if Vulnerable:

Check the Registrator version: any version below 1.9.5 is vulnerable.

Check Version:

Check the Registrator configuration or deployment manifest for version information

Verify Fix Applied:

Verify version is 1.9.5 or higher and check that the patch from PR #449 is applied

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in Registrator logs
  • Processing of suspicious GitHub URLs with special characters
  • Error messages related to argument parsing failures

Network Indicators:

  • Unusual outbound connections from Registrator server
  • Requests to unexpected external resources

SIEM Query:

source="registrator" AND ("argument" OR "injection" OR "unexpected command")
