- Description
- Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- git, debian_linux, xcode
CVSS 3.1
- Type
- Secondary
- Base score
- 8
- Impact score
- 6
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Git Link Following Vulnerability
- Exploit added on
- Aug 25, 2025
- Exploit action due
- Sep 15, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com
- CWE-59
CVE-2025-48384: git clone --recurse-submodules honors attacker‑controlled .gitmodules. Crafted submodule names/URLs pierce repo boundaries and steer transport helpers (ssh/http/file). Result: unexpected network touches and file effects in dev/CI—triggered on clone.
@unemployed_0xff
27 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 🚨 Git's carriage-return confusion in .gitmodules parsing allows attackers to write malicious hooks during recursive clone operations (CVE-2025-48384). The exploit crafts a malicious repository with trailing carriage returns in submodule paths. When `git clone --recursive`
@the_c_protocol
18 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CrowdStrike detects exploitation of Git vulnerability CVE-2025-48384 using malicious .gitmodules with trailing carriage returns and recursive cloning to execute harmful post-checkout hooks on macOS and Linux. #GitVulnerability #LinuxSecurity #USA https://t.co/DAxq910vkK
@TweetThreatNews
17 Oct 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2025-48384 in #Git → RCE on macOS and Linux when cloning with --recursive. GitHub Desktop is also vulnerable. 🚨 Patch NOW (CISA added it to KEV). 👉 Info: https://t.co/i3MvdlluxF #Git #CVE https://t.co/ndFJuWPLcM
@okITupSL
9 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⬅️ Breaking Git with a carriage return and cloning RCE (CVE-2025-48384) Blog: https://t.co/oTLHaK7acf author: @davidgl https://t.co/94pXYnzryI
@mqst_
1 Oct 2025
1165 Impressions
2 Retweets
19 Likes
3 Bookmarks
1 Reply
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/reGO56Jh08
@pentest_swissky
13 Sept 2025
1194 Impressions
1 Retweet
10 Likes
11 Bookmarks
0 Replies
0 Quotes
NVD - cve-2025-48384 https://t.co/FZlRGtNfMO
@jrogue
13 Sept 2025
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-48384 Git Link Following Vulnerability: Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.
@ZeroDayFacts
8 Sept 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL THREATS - Sept 7 ⚠️ PATCH NOW: • WhatsApp CVE-2025-55177 • TP-Link CVE-2020-24363 • Git CVE-2025-48384 🦠 PromptLock AI ransomware 🕳️ 16B credentials leaked 🛡️ Update systems, enable MFA Deadline: Sept 23 #CyberSecurity #ThreatIntel https:
@404LABSx
7 Sept 2025
113 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Git breach alert: Active exploitation of a zero-day in Git (CVE-2025-48384) allows hidden hooks via submodule configs to run malicious code. Patch now and disable untrusted submodules—September 15 is the deadline. Full Story: https://t.co/HILr9TCl1D #CyberSecurity #DevSe
@securitydailyr
3 Sept 2025
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Git breach alert: Active exploitation of a zero-day in Git (CVE-2025-48384) allows hidden hooks via submodule configs to run malicious code. Patch now and disable untrusted submodules—September 15 is the deadline. Full Story: https://t.co/HILr9TCl1D #CyberSecurity #DevSe
@securitydailyr
2 Sept 2025
283 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/IjKmgibT4Z & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/4Lc
@pro_recover_y
1 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/rLaCxQoLpX & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/OdN
@Astrah_Hackz
1 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Record: CVE-2025-48384 Yikes 😬 https://t.co/rkNd5hLJWR
@fekuxpress
30 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds three exploited #vulnerabilities (CVE-2024-8068, CVE-2024-8069, CVE-2025-48384) to its KEV catalogue. #Cybersecurity #infosec https://t.co/RqhqvunyEN https://t.co/puxs2Jz2h9
@twelvesec
28 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Git vulnerability CVE-2025-48384 allows remote code execution https://t.co/usqPJyLStw
@DemolisherDigi
28 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerability in Git ❗CVE-2025-48384 ➡️More info: https://t.co/TPeigv1kH9 https://t.co/GGB4t1vOoL
@CERTpy
27 Aug 2025
131 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE ALERT: Git flaw exploited for RCE ⚠️ 🐛 CVE-2025-48384 → bug in submodule config handling 💻 Exploit: malicious hooks trigger remote code execution when cloning (esp. --recursive) 🎯 Targets: macOS/Linux users + CI/CD pipelines cloning untrusted repos
@Newtalics
27 Aug 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts: CVE-2025-48384, a critical Git RCE flaw, is actively exploited! Update to the latest Git version to patch this vulnerability. Details: https://t.co/50Dz1I3X0O #Cybersecurity #Git #PatchNow
@_F2po_
27 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) https://t.co/uviZx3ZS42
@Dinosn
27 Aug 2025
4888 Impressions
20 Retweets
57 Likes
20 Bookmarks
0 Replies
0 Quotes
CISA alerts on a critical Git flaw (CVE-2025-48384) enabling arbitrary code execution via crafted submodules in config files. Citrix Session Recording bugs CVE-2024-8068 & CVE-2024-8069 also noted. Updates available from Git v2.43.7. #GitVulnerability #USA https://t.co/pBsmWJ
@TweetThreatNews
26 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns a critical Git flaw (CVE-2025-48384) is being actively exploited. Update to version 2.50.1 immediately to prevent code execution, especially in CI/CD systems. https://t.co/4E305VnpWV
@RedTeamNewsBlog
26 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE of the day: CVE-2025-48384 A critical vulnerability found in Git gives attackers the ability to execute code remotely (RCE) or write arbitrary files. This vulnerability is being actively exploited and has been added to the KEV catalog by CISA. https://t.co/
@KamCyberTR
26 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) https://t.co/FxtDGVthmb #HelpNetSecurity #Cybersecurity https://t.co/eVplb2kIDE
@PoseidonTPA
26 Aug 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Git #vulnerability leading to RCE is being exploited by attackers (#CVE-2025-48384) https://t.co/MEySCf6UZG
@ScyScan
26 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added 3️⃣ dangerous vulnerabilities to KEV. Two relate to Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) and allow increased privileges and implementation of code. The third, CVE-2025-48384 in Git with CVSS 8.1, can lead to launching harmful code while cloning repositor
@Hack_Your_Mom
26 Aug 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added three actively exploited vulnerabilities to KEV catalog impacting Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) and Git (CVE-2025-48384), enabling privilege escalation and code execution. #Citrix #GitFlaw #USA https://t.co/QJjk7oXQXW
@TweetThreatNews
26 Aug 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just flagged 3 new actively exploited flaws—two in Citrix Session Recording, one in Git. The Git bug (CVE-2025-48384) can let attackers run arbitrary code just by cloning a repo. Proof-of-concept exploit is already out. Here’s what you need to know ↓ https://t.co/GC6
@TheHackersNews
26 Aug 2025
13389 Impressions
39 Retweets
84 Likes
11 Bookmarks
1 Reply
1 Quote
⚠️ Vulnerabilities in Citrix products and Git are being exploited; US CISA adds them to the KEV catalog (CVE-2024-8069, CVE-2024-8068, CVE-2025-48384) ~Cyber Alert, August 26~ https://t.co/AWpmkysT8J #Security #Intelligence #OSINT
@MachinaRecord
26 Aug 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-48384 #Git Link Following Vulnerability https://t.co/8iOVxkOZ2E
@ScyScan
25 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwapzIN & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/0Hu
@CISACyber
25 Aug 2025
16394 Impressions
59 Retweets
148 Likes
30 Bookmarks
5 Replies
2 Quotes
Here are the popular articles for 2025-08-03. (Automated tweet) #Hacker_Trends ――― CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/zUfOqiMisS https://t.co/RceG4rCfdn
@motikan2010
4 Aug 2025
124 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384 : Breaking Git with Reversing and RCE Cloning https://t.co/Vbfq83gP8p
@freedomhack101
3 Aug 2025
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/ak5RvDlZno
@Dinosn
3 Aug 2025
3741 Impressions
11 Retweets
20 Likes
11 Bookmarks
0 Replies
0 Quotes
⚠️ New Git bug → RCE via submodules (CVE-2025-48384) https://t.co/qpKN5AsMBm
@0xRAYAN7
2 Aug 2025
1902 Impressions
2 Retweets
32 Likes
17 Bookmarks
0 Replies
0 Quotes
#exploit #Vulnerability 1⃣ CVE-2025-4660: Windows Forescout SecureConnector RCE - https://t.co/sBpR2H4bWw 2⃣ CVE-2025-48384: Breaking git with a carriage return and cloning RCE - https://t.co/M9orG7oh1E 3⃣ CVE-2025-32023: RCE in Redis >= 2.8 - https://t.co/X2APbKJpe
@ksg93rd
24 Jul 2025
107 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
I wrote a PoC and an explanation of the recently disclosed RCE vulnerability in Git. (CVE-2025-48384) https://t.co/mdxZ3F2q2X
@ikbasenet
20 Jul 2025
1090 Impressions
2 Retweets
27 Likes
10 Bookmarks
0 Replies
0 Quotes
🚨 Massive Git Vulnerability Exposes Millions to Remote Attacks: What You Must Know About #CVE-2025-48384 https://t.co/kwRTsCmzcL
@UndercodeNews
15 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC for CVE-2025-48384 — a “\r” injection in Git’s submodule URLs lets attackers write malicious Git hooks & achieve RCE when running git clone --recursive. Affects Git CLI v2.50.0 & earlier on Linux/macOS. Patch now! 👉 https://t.co/JXRKN0cweg #Git #RCE #CVE2
@HackGitToolkit
14 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/9J3NUReFCW
@matsuu_zatsu
12 Jul 2025
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Originally from: DataDog: CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems https://t.co/sVDLwYlFQn ( :-{ı▓ #cloudsecurity #datadog #cyberresearch https://t.co/brBFn3Xtym
@Cyb3rR3s34rch
11 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48384 exposes a critical flaw in Git CLI v2.50.0 and earlier on macOS and Linux, enabling arbitrary file writes & remote code execution through malicious repositories with --recursive clone. No patch for GitHub Desktop yet! ⚠️ #Security #GitVuln https://t.co/CoC
@TweetThreatNews
10 Jul 2025
60 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Warning: CVE-2025-48384 (CVSS 8.0) in @git may allow unintended execution of submodule hooks via crafted symlink + CRLF abuse, affecting multiple versions. Immediate action is critical to protect your systems. Update now to prevent exploitation! https://t.co/b3GZnZI6Sj #Patch
@CCBalert
10 Jul 2025
217 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/Knpc0G1Ho7
@xushanpao310
10 Jul 2025
40 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-48384: Breaking Git with a carriage return and cloning RCE https://t.co/YWH80lXNVX
@samilaiho
10 Jul 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
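https://t.co/oFK8fyHN4s This is an explanatory article about the Git vulnerability CVE-2025-48384. Line-ending characters can be abused, creating a risk of remote code execution. GitHub Desktop users should take particular care.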
@topickapp_com
9 Jul 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
It seems that a new issue has been found on git CVE-2025-48384: Breaking Git with a carriage return and cloning RCE You can RCE into unix machines by using git clone --recursive on malicious repos. Even harmless looking commands could actually exploit you. https://t.co/E7iFV
@m4rio_eth
9 Jul 2025
1425 Impressions
2 Retweets
16 Likes
9 Bookmarks
2 Replies
0 Quotes
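A serious bug in Git involving the CR control character, CVE-2025-48384. With a malicious .gitmodules, clone --recursive can write outside the worktree and overwrite hooks, making RCE possible too. For CI and IDE integrations, hurry and apply the patch or avoid --recursive. https://t.co/MdIXacLWOj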
@techandeco4242
9 Jul 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
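Three vulnerabilities have been fixed in Git: the remote code execution CVE-2025-48384 with a CVSS score of 8.1, the arbitrary file write CVE-2025-48385 with a CVSS score of 8.6, and the buffer overflow CVE-2025-48386 with a CVSS score of 6.3. https://t.co/Pz1vkUDUyA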
@__kokumoto
9 Jul 2025
836 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB276680-D286-4DF6-BCB7-CAC1D9D77E08",
"versionEndExcluding": "2.43.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "856A8970-74E2-4F8F-A1A6-2AB1C0C87E45",
"versionEndExcluding": "2.44.4",
"versionStartIncluding": "2.44.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1DB9BA-3D91-4F7D-931E-A664737129F0",
"versionEndExcluding": "2.45.4",
"versionStartIncluding": "2.45.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01BDA55C-F398-4286-ABC6-979A783BDC65",
"versionEndExcluding": "2.46.4",
"versionStartIncluding": "2.46.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4A2ACC-0996-4869-884D-734D6006C032",
"versionEndExcluding": "2.47.3",
"versionStartIncluding": "2.47.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD21A83-8D62-4EE4-914B-B5ACA19A84A2",
"versionEndExcluding": "2.48.2",
"versionStartIncluding": "2.48.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95C1825C-B7A2-46E9-93D7-2D196DB2515E",
"versionEndExcluding": "2.49.1",
"versionStartIncluding": "2.49.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18F948AD-22C0-4B2E-B497-899F3A94B70A",
"versionEndExcluding": "2.50.1",
"versionStartIncluding": "2.50.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37CC7F40-CC3A-4AEB-9260-B621FE64735A",
"versionEndExcluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]