CVE-2025-46334

Published Jul 10, 2025

Last updated 3 days ago

CVSS high 8.6

Overview

Description
Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes the current directory. The mentioned programs are invoked when the user selects Git Bash or Browse Files from the menu. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-78

Social media

Hype score
Not currently trending

  1. [CVE-2025-46334: HIGH] Git GUI has a vulnerability in versions prior to 2.43.7 that allows malicious code execution. Update to versions 2.43.7 and higher for a fix. #cybersecurity#cve,CVE-2025-46334,#cybersecurity https://t.co/o6L5us9Fsb https://t.co/cV909JNd1T

    @CveFindCom

    10 Jul 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.