AI description
CVE-2025-48384 affects Git, a distributed revision control system. The vulnerability arises from how Git handles carriage return (CR) and line feed (LF) characters when reading and writing configuration values. Git strips trailing CRLF characters when reading a config value. However, when writing a config entry, values with a trailing CR are not quoted, leading to the CR being lost when the config is later read. This can lead to issues when initializing submodules. If a submodule path contains a trailing CR, the altered path (without the CR) is read, causing the submodule to be checked out to an incorrect location. If a symbolic link exists that points the altered path to the submodule's hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout, potentially leading to arbitrary code execution. This vulnerability is fixed in Git versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
- Description: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: git
CVSS 3.1
- Type: Secondary
- Base score: 8
- Impact score: 6
- Exploitability score: 1.3
- Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Git Link Following Vulnerability
- Exploit added on: Aug 25, 2025
- Exploit action due: Sep 15, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com
- CWE-59
- Hype score: Not currently trending
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/reGO56Jh08
@pentest_swissky
13 Sept 2025
1194 Impressions
1 Retweet
10 Likes
11 Bookmarks
0 Replies
0 Quotes
NVD - cve-2025-48384 https://t.co/FZlRGtNfMO
@jrogue
13 Sept 2025
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-48384 Git Link Following Vulnerability: Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.
@ZeroDayFacts
8 Sept 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL THREATS - Sept 7 ⚠️ PATCH NOW: • WhatsApp CVE-2025-55177 • TP-Link CVE-2020-24363 • Git CVE-2025-48384 🦠 PromptLock AI ransomware 🕳️ 16B credentials leaked 🛡️ Update systems, enable MFA Deadline: Sept 23 #CyberSecurity #ThreatIntel https:
@404LabsX
7 Sept 2025
113 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Git breach alert: Active exploitation of a zero-day in Git (CVE-2025-48384) allows hidden hooks via submodule configs to run malicious code. Patch now and disable untrusted submodules—September 15 is the deadline. Full Story: https://t.co/HILr9TCl1D #CyberSecurity #DevSe
@securitydailyr
3 Sept 2025
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Git breach alert: Active exploitation of a zero-day in Git (CVE-2025-48384) allows hidden hooks via submodule configs to run malicious code. Patch now and disable untrusted submodules—September 15 is the deadline. Full Story: https://t.co/HILr9TCl1D #CyberSecurity #DevSe
@securitydailyr
2 Sept 2025
283 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/IjKmgibT4Z & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/4Lc
@pro_recover_y
1 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/rLaCxQoLpX & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/OdN
@Astrah_Hackz
1 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Record: CVE-2025-48384 Yikes 😬 https://t.co/rkNd5hLJWR
@fekuxpress
30 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds three exploited #vulnerabilities (CVE-2024-8068, CVE-2024-8069, CVE-2025-48384) to its KEV catalogue. #Cybersecurity #infosec https://t.co/RqhqvunyEN https://t.co/puxs2Jz2h9
@twelvesec
28 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Git vulnerability CVE-2025-48384 allows remote code execution https://t.co/usqPJyLStw
@DemolisherDigi
28 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerability in Git ❗CVE-2025-48384 ➡️More info: https://t.co/TPeigv1kH9 https://t.co/GGB4t1vOoL
@CERTpy
27 Aug 2025
131 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE ALERT: Git flaw exploited for RCE ⚠️ 🐛 CVE-2025-48384 → bug in submodule config handling 💻 Exploit: malicious hooks trigger remote code execution when cloning (esp. --recursive) 🎯 Targets: macOS/Linux users + CI/CD pipelines cloning untrusted repos
@Newtalics
27 Aug 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts: CVE-2025-48384, a critical Git RCE flaw, is actively exploited! Update to the latest Git version to patch this vulnerability. Details: https://t.co/50Dz1I3X0O #Cybersecurity #Git #PatchNow
@_F2po_
27 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) https://t.co/uviZx3ZS42
@Dinosn
27 Aug 2025
4888 Impressions
20 Retweets
57 Likes
20 Bookmarks
0 Replies
0 Quotes
CISA alerts on a critical Git flaw (CVE-2025-48384) enabling arbitrary code execution via crafted submodules in config files. Citrix Session Recording bugs CVE-2024-8068 & CVE-2024-8069 also noted. Updates available from Git v2.43.7. #GitVulnerability #USA https://t.co/pBsmWJ
@TweetThreatNews
26 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns a critical Git flaw (CVE-2025-48384) is being actively exploited. Update to version 2.50.1 immediately to prevent code execution, especially in CI/CD systems. https://t.co/4E305VnpWV
@RedTeamNewsBlog
26 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE of the day: CVE-2025-48384 A critical vulnerability found in Git allows attackers remote code execution (RCE) or arbitrary file writes. This flaw is being actively exploited and has been added to the KEV catalog by CISA. https://t.co/
@KamCyberTR
26 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) https://t.co/FxtDGVthmb #HelpNetSecurity #Cybersecurity https://t.co/eVplb2kIDE
@PoseidonTPA
26 Aug 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Git #vulnerability leading to RCE is being exploited by attackers (#CVE-2025-48384) https://t.co/MEySCf6UZG
@ScyScan
26 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added 3️⃣ dangerous vulnerabilities to KEV. Two relate to Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) and allow privilege escalation and code execution. The third, CVE-2025-48384 in Git with CVSS 8.1, can lead to launching harmful code while cloning repositor
@Hack_Your_Mom
26 Aug 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added three actively exploited vulnerabilities to KEV catalog impacting Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) and Git (CVE-2025-48384), enabling privilege escalation and code execution. #Citrix #GitFlaw #USA https://t.co/QJjk7oXQXW
@TweetThreatNews
26 Aug 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just flagged 3 new actively exploited flaws—two in Citrix Session Recording, one in Git. The Git bug (CVE-2025-48384) can let attackers run arbitrary code just by cloning a repo. Proof-of-concept exploit is already out. Here’s what you need to know ↓ https://t.co/GC6
@TheHackersNews
26 Aug 2025
13389 Impressions
39 Retweets
84 Likes
11 Bookmarks
1 Reply
1 Quote
⚠️ Vulnerabilities in Citrix products and Git are being exploited; US CISA adds them to the KEV catalog (CVE-2024-8069, CVE-2024-8068, CVE-2025-48384) ~Cyber Alert, August 26~ https://t.co/AWpmkysT8J #Security #Intelligence #OSINT
@MachinaRecord
26 Aug 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-48384 #Git Link Following Vulnerability https://t.co/8iOVxkOZ2E
@ScyScan
25 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwapzIN & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/0Hu
@CISACyber
25 Aug 2025
16394 Impressions
59 Retweets
148 Likes
30 Bookmarks
5 Replies
2 Quotes
The popular article for 2025-08-03 was this one. (Automated tweet) #Hacker_Trends ――― CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/zUfOqiMisS https://t.co/RceG4rCfdn
@motikan2010
4 Aug 2025
124 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384 : Breaking Git with Reversing and RCE Cloning https://t.co/Vbfq83gP8p
@freedomhack101
3 Aug 2025
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/ak5RvDlZno
@Dinosn
3 Aug 2025
3741 Impressions
11 Retweets
20 Likes
11 Bookmarks
0 Replies
0 Quotes
⚠️ New Git bug → RCE via submodules (CVE-2025-48384) https://t.co/qpKN5AsMBm
@0xRAYAN7
2 Aug 2025
1902 Impressions
2 Retweets
32 Likes
17 Bookmarks
0 Replies
0 Quotes
#exploit #Vulnerability 1⃣ CVE-2025-4660: Windows Forescout SecureConnector RCE - https://t.co/sBpR2H4bWw 2⃣ CVE-2025-48384: Breaking git with a carriage return and cloning RCE - https://t.co/M9orG7oh1E 3⃣ CVE-2025-32023: RCE in Redis >= 2.8 - https://t.co/X2APbKJpe
@ksg93rd
24 Jul 2025
107 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
I wrote a PoC and an explanation of the recently disclosed RCE vulnerability in Git. (CVE-2025-48384) https://t.co/mdxZ3F2q2X
@ikbasenet
20 Jul 2025
1090 Impressions
2 Retweets
27 Likes
10 Bookmarks
0 Replies
0 Quotes
🚨 Massive Git Vulnerability Exposes Millions to Remote Attacks: What You Must Know About #CVE-2025-48384 https://t.co/kwRTsCmzcL
@UndercodeNews
15 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC for CVE-2025-48384 — a “\r” injection in Git’s submodule URLs lets attackers write malicious Git hooks & achieve RCE when running git clone --recursive. Affects Git CLI v2.50.0 & earlier on Linux/macOS. Patch now! 👉 https://t.co/JXRKN0cweg #Git #RCE #CVE2
@HackGitToolkit
14 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/9J3NUReFCW
@matsuu_zatsu
12 Jul 2025
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Originally from: DataDog: CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems https://t.co/sVDLwYlFQn ( :-{ı▓ #cloudsecurity #datadog #cyberresearch https://t.co/brBFn3Xtym
@Cyb3rR3s34rch
11 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48384 exposes a critical flaw in Git CLI v2.50.0 and earlier on macOS and Linux, enabling arbitrary file writes & remote code execution through malicious repositories with --recursive clone. No patch for GitHub Desktop yet! ⚠️ #Security #GitVuln https://t.co/CoC
@TweetThreatNews
10 Jul 2025
60 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Warning: CVE-2025-48384 (CVSS 8.0) in @git may allow unintended execution of submodule hooks via crafted symlink + CRLF abuse, affecting multiple versions. Immediate action is critical to protect your systems. Update now to prevent exploitation! https://t.co/b3GZnZI6Sj #Patch
@CCBalert
10 Jul 2025
217 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/Knpc0G1Ho7
@xushanpao310
10 Jul 2025
40 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/YWH80lXNVX
@samilaiho
10 Jul 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/oFK8fyHN4s An explanatory article on the Git vulnerability CVE-2025-48384. Line-break characters are abused, creating a risk of remote code execution. GitHub Desktop users need to be especially careful.
@topickapp_com
9 Jul 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
It seems that a new issue has been found on git CVE-2025-48384: Breaking Git with a carriage return and cloning RCE You can RCE into unix machines by using git clone --recursive on malicious repos. Even harmless looking commands could actually exploit you. https://t.co/E7iFV
@m4rio_eth
9 Jul 2025
1425 Impressions
2 Retweets
16 Likes
9 Bookmarks
2 Replies
0 Quotes
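A serious bug in Git involving the CR control character, CVE-2025-48384. With a malicious .gitmodules, writing outside the worktree and overwriting hooks is possible during clone --recursive, and RCE is possible too. For CI and IDE integrations, hurry to apply the patch or avoid --recursive. https://t.co/MdIXacLWOj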
@techandeco4242
9 Jul 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
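Three vulnerabilities were fixed in Git: remote code execution CVE-2025-48384 with a CVSS score of 8.1, arbitrary file write CVE-2025-48385 with a CVSS score of 8.6, and buffer overflow CVE-2025-48386 with a CVSS score of 6.3. https://t.co/Pz1vkUDUyA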
@__kokumoto
9 Jul 2025
836 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384: Breaking git with a carriage return and cloning RCE https://t.co/ak5RvDlZno
@Dinosn
9 Jul 2025
2784 Impressions
1 Retweet
9 Likes
7 Bookmarks
0 Replies
0 Quotes
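⚠️ Git RCE (CVE-2025-48384) alert. Details: a recursive 'git clone' of a malicious Git repository can lead to code execution. Impact: it would be dangerous if used by particular attackers in social engineering attacks such as fake job interviews and Git repos. Beware of the risk @SlowMist_Team 🧐 https://t.co/Gu3ASMz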
@im23pds
9 Jul 2025
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
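⚠️ Git RCE (CVE-2025-48384) alert. Details: a recursive 'git clone' of a malicious Git repository can lead to code execution. Impact: it would be dangerous if used by particular attackers in social engineering attacks such as fake job interviews and Git repos. Beware of the risk 🧐 @SlowMist_Team https://t.co/Gu3ASMz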
@im23pds
9 Jul 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
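⚠️ Git RCE (CVE-2025-48384) alert. Details: a recursive 'git clone' of a malicious Git repository can lead to code execution. Impact: it would be dangerous if used by particular attackers in social engineering attacks such as fake job interviews and Git repos. Beware of the risk 🧐 https://t.co/Gu3ASMzzqs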
@im23pds
9 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Git RCE Alert (CVE-2025-48384) Recursive `git clone` from malicious repos can lead to code execution. Dangerous in the context of fake job interviews and Git repos social engineering vector. 👉 Assume git clone is code execution, isolate your dev tasks and patch ASAP.
@coinspect
8 Jul 2025
1863 Impressions
7 Retweets
16 Likes
9 Bookmarks
1 Reply
1 Quote
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB276680-D286-4DF6-BCB7-CAC1D9D77E08",
            "versionEndExcluding": "2.43.7"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "856A8970-74E2-4F8F-A1A6-2AB1C0C87E45",
            "versionEndExcluding": "2.44.4",
            "versionStartIncluding": "2.44.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D1DB9BA-3D91-4F7D-931E-A664737129F0",
            "versionEndExcluding": "2.45.4",
            "versionStartIncluding": "2.45.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01BDA55C-F398-4286-ABC6-979A783BDC65",
            "versionEndExcluding": "2.46.4",
            "versionStartIncluding": "2.46.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF4A2ACC-0996-4869-884D-734D6006C032",
            "versionEndExcluding": "2.47.3",
            "versionStartIncluding": "2.47.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DD21A83-8D62-4EE4-914B-B5ACA19A84A2",
            "versionEndExcluding": "2.48.2",
            "versionStartIncluding": "2.48.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C1825C-B7A2-46E9-93D7-2D196DB2515E",
            "versionEndExcluding": "2.49.1",
            "versionStartIncluding": "2.49.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18F948AD-22C0-4B2E-B497-899F3A94B70A",
            "versionEndExcluding": "2.50.1",
            "versionStartIncluding": "2.50.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]