CVE-2025-48384

Published Jul 8, 2025

Last updated 8 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48384 affects Git, a distributed revision control system. The vulnerability arises from how Git handles carriage return (CR) and line feed (LF) characters when reading and writing configuration values. Git strips trailing CRLF characters when reading a config value. However, when writing a config entry, values with a trailing CR are not quoted, leading to the CR being lost when the config is later read. This can lead to issues when initializing submodules. If a submodule path contains a trailing CR, the altered path (without the CR) is read, causing the submodule to be checked out to an incorrect location. If a symbolic link exists that points the altered path to the submodule's hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout, potentially leading to arbitrary code execution. This vulnerability is fixed in Git versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Description
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Source: security-advisories@github.com
NVD status: Awaiting Analysis
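
A defender-side check, added here and not part of this advisory record or of Git's own code: it flags control characters (the trailing CR described above in particular) in .gitmodules values before a recursive clone or `git submodule update` is run, and compares a `git --version` string against the fixed releases listed above. The .gitmodules sample is constructed, and the treatment of branches outside 2.43 to 2.50 is an assumption noted in the code.

```python
import re

# Fixed releases listed in the advisory, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (2, 43): (2, 43, 7), (2, 44): (2, 44, 4), (2, 45): (2, 45, 4),
    (2, 46): (2, 46, 4), (2, 47): (2, 47, 3), (2, 48): (2, 48, 2),
    (2, 49): (2, 49, 1), (2, 50): (2, 50, 1),
}
# Any C0 control character (tab excepted) or DEL inside a config value is
# suspect; the trailing CR this advisory describes is the important case.
CONTROL_CHAR = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def parse_version(text):
    """'git version 2.48.1' or 'v2.50.1' -> (2, 48, 1)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised git version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version_text):
    """True when the version carries the fix per FIXED_VERSIONS. Assumption
    (not from the advisory): branches newer than 2.50 were cut after the fix
    and include it; branches older than 2.43 received no fix."""
    v = parse_version(version_text)
    fix = FIXED_VERSIONS.get(v[:2])
    return v >= fix if fix else v[:2] > (2, 50)

def scan_gitmodules(text):
    """Return [(line_no, section, key, value)] for every .gitmodules line whose
    value or section header holds a control character such as CR. The text is
    split on LF only, so a CR sitting before the newline stays in the value."""
    findings, section = [], None
    for line_no, raw in enumerate(text.split("\n"), start=1):
        line = raw.strip(" \t")
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section, key, value = line, None, line
        else:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip(" \t")
        if CONTROL_CHAR.search(value):
            findings.append((line_no, section, key, value))
    return findings

# Constructed sample: the second submodule's path ends in a carriage return.
SAMPLE_GITMODULES = ('[submodule "lib/clean"]\n\tpath = lib/clean\n'
                     '\turl = https://example.invalid/clean.git\n'
                     '[submodule "lib/odd"]\n\tpath = lib/odd\r\n'
                     '\turl = https://example.invalid/odd.git\n')
```

Running `scan_gitmodules(SAMPLE_GITMODULES)` reports only the `path` entry of `lib/odd`, with the CR still attached to the value; `is_patched("git version 2.48.1")` is False because that branch's fix is 2.48.2.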

Risk scores

CVSS 3.1 (Type: Secondary)

Base score: 8
Impact score: 6
Exploitability score: 1.3
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

CWE-59: Improper Link Resolution Before File Access ('Link Following') (assigned by security-advisories@github.com)

Social media

Hype score: Not currently trending
  1. 🚨 Massive Git Vulnerability Exposes Millions to Remote Attacks: What You Must Know About #CVE-2025-48384 https://t.co/kwRTsCmzcL
     @UndercodeNews, 15 Jul 2025: 21 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. PoC for CVE-2025-48384 — a “\r” injection in Git’s submodule URLs lets attackers write malicious Git hooks & achieve RCE when running git clone --recursive. Affects Git CLI v2.50.0 & earlier on Linux/macOS. Patch now! 👉 https://t.co/JXRKN0cweg #Git #RCE #CVE2
     @HackGitToolkit, 14 Jul 2025: 3 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/9J3NUReFCW
     @matsuu_zatsu, 12 Jul 2025: 107 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. Originally from: DataDog: CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems https://t.co/sVDLwYlFQn #cloudsecurity #datadog #cyberresearch https://t.co/brBFn3Xtym
     @Cyb3rR3s34rch, 11 Jul 2025: 24 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. CVE-2025-48384 exposes a critical flaw in Git CLI v2.50.0 and earlier on macOS and Linux, enabling arbitrary file writes & remote code execution through malicious repositories with --recursive clone. No patch for GitHub Desktop yet! ⚠️ #Security #GitVuln https://t.co/CoC
     @TweetThreatNews, 10 Jul 2025: 60 Impressions, 0 Retweets, 1 Like, 1 Bookmark, 0 Replies, 0 Quotes

  6. Warning: CVE-2025-48384 (CVSS 8.0) in @git may allow unintended execution of submodule hooks via crafted symlink + CRLF abuse, affecting multiple versions. Immediate action is critical to protect your systems. Update now to prevent exploitation! https://t.co/b3GZnZI6Sj #Patch
     @CCBalert, 10 Jul 2025: 217 Impressions, 0 Retweets, 0 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  7. CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/Knpc0G1Ho7
     @xushanpao310, 10 Jul 2025: 40 Impressions, 0 Retweets, 0 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  8. CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/YWH80lXNVX
     @samilaiho, 10 Jul 2025: 73 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  9. https://t.co/oFK8fyHN4s An explanatory article on the Git vulnerability CVE-2025-48384. Line-ending characters can be abused, creating a risk of remote code execution. GitHub Desktop users in particular need to take care.
     @topickapp_com, 9 Jul 2025: 57 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  10. It seems that a new issue has been found on git CVE-2025-48384: Breaking Git with a carriage return and cloning RCE You can RCE into unix machines by using git clone --recursive on malicious repos. Even harmless looking commands could actually exploit you. https://t.co/E7iFV
     @m4rio_eth, 9 Jul 2025: 1425 Impressions, 2 Retweets, 16 Likes, 9 Bookmarks, 2 Replies, 0 Quotes

  11. A serious bug in Git involving the CR control character, CVE-2025-48384. A malicious .gitmodules lets clone --recursive write outside the work tree and overwrite hooks, so RCE is possible too. If you rely on CI or IDE integration, hurry to apply the patch or avoid --recursive https://t.co/MdIXacLWOj
     @techandeco4242, 9 Jul 2025: 43 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  12. Three vulnerabilities have been fixed in Git: the remote code execution CVE-2025-48384 (CVSS score 8.1), the arbitrary file write CVE-2025-48385 (CVSS score 8.6), and the buffer overflow CVE-2025-48386 (CVSS score 6.3). https://t.co/Pz1vkUDUyA
     @__kokumoto, 9 Jul 2025: 836 Impressions, 2 Retweets, 5 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  13. CVE-2025-48384: Breaking git with a carriage return and cloning RCE https://t.co/ak5RvDlZno
     @Dinosn, 9 Jul 2025: 2784 Impressions, 1 Retweet, 9 Likes, 7 Bookmarks, 0 Replies, 0 Quotes

  14. ⚠️ Git RCE (CVE-2025-48384) alert. Details: a recursive 'git clone' of a malicious Git repository can lead to code execution. Harm: it would be very dangerous if a specific attacker used it in social-engineering attacks such as fake job interviews and Git repos. Mind the risk @SlowMist_Team 🧐 https://t.co/Gu3ASMz
     @im23pds, 9 Jul 2025: 135 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes

  15. ⚠️ Git RCE (CVE-2025-48384) alert. Details: a recursive 'git clone' of a malicious Git repository can lead to code execution. Harm: it would be very dangerous if a specific attacker used it in social-engineering attacks such as fake job interviews and Git repos. Mind the risk 🧐 @SlowMist_Team https://t.co/Gu3ASMz
     @im23pds, 9 Jul 2025: 52 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  16. ⚠️ Git RCE (CVE-2025-48384) alert. Details: a recursive 'git clone' of a malicious Git repository can lead to code execution. Harm: it would be very dangerous if a specific attacker used it in social-engineering attacks such as fake job interviews and Git repos. Mind the risk 🧐 https://t.co/Gu3ASMzzqs
     @im23pds, 9 Jul 2025: 28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  17. 🚨 Git RCE Alert (CVE-2025-48384) Recursive `git clone` from malicious repos can lead to code execution. Dangerous in the context of fake job interviews and Git repos social engineering vector. 👉 Assume git clone is code execution, isolate your dev tasks and patch ASAP.
     @coinspect, 8 Jul 2025: 1863 Impressions, 7 Retweets, 16 Likes, 9 Bookmarks, 1 Reply, 1 Quote

  18. CVE-2025-48384: Breaking git with a carriage return and cloning RCE tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution. Update to a fixed version of git and other software that embeds Git (including GitHub
     @WhisperingJack3, 8 Jul 2025: 8 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  19. 🚨 New Git vulnerability alert! CVE-2025-48384 shows how a simple carriage return can lead to RCE during submodule cloning. Scary stuff! #HackerNews #Tech 🔗 https://t.co/Y2liIUVR5Y
     @thatkid02, 8 Jul 2025: 14 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  20. CVE-2025-48384: Breaking git with a carriage return and cloning RCE https://t.co/KoyhM497AY
     @ytroncal, 8 Jul 2025: 25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  21. CVE-2025-48384: Breaking git with a carriage return and cloning RCE https://t.co/1SmEaRXS34
     @jedisct1, 8 Jul 2025: 1004 Impressions, 7 Retweets, 8 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  22. 📰 Top Story: current rank #1 story on Hacker News is 44502330 (CVE-2025-48384:...), with 121 score & 17 comments. https://t.co/v4JnUCC0zV https://t.co/nMe7qN6T9c
     @TrackHN, 8 Jul 2025: 21 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  23. CVE-2025-48384: Breaking git with a carriage return and cloning RCE https://t.co/ZdFTmWoxbP
     @Richard_Kollar, 8 Jul 2025: 15 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  24. 📰 Top Story: current rank #1 story on Hacker News is 44502330 (CVE-2025-48384:...), with 27 score & 0 comments. https://t.co/v4JnUCC0zV https://t.co/BTf6CD0I8k
     @TrackHN, 8 Jul 2025: 18 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  25. CVE-2025-48384: Breaking Git with a carriage return and cloning RCE #HackerNews https://t.co/scsE9kg0UT
     @hackernewstop5, 8 Jul 2025: 18 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  26. CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/e8Q1NM7cMF 1
     @cevaboyz, 8 Jul 2025: 21 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
