8.0
HIGH
CVE-2025-48384
Git Symlink Execution Vulnerability
Description

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

INFO

Published Date :

July 8, 2025, 7:15 p.m.

Last Modified :

July 10, 2025, 1:18 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

6.0

Exploitability Score :

1.3
Public PoC/Exploit Available at Github

CVE-2025-48384 has a 33 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-48384 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Git git
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-48384.

URL Resource
https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
testsssssssss-sss/CVE-2025-48384

None

Updated: 5 hours, 44 minutes ago
0 stars 0 fork 0 watcher
Born at : July 14, 2025, 7:21 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
duyntk2000/js-vuln-analysis

None

Python

Updated: 2 days, 11 hours ago
0 stars 0 fork 0 watcher
Born at : July 12, 2025, 1:44 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
vinieger/vinieger-CVE-2025-48384-Dockerfile

PoC dockerfile image for CVE-2025-48384

Dockerfile

Updated: 3 days, 1 hour ago
0 stars 0 fork 0 watcher
Born at : July 11, 2025, 11:10 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
qq1910591211/CVE-2025-48384

None

Updated: 3 days, 4 hours ago
0 stars 0 fork 0 watcher
Born at : July 11, 2025, 8:41 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
p1026/CVE-2025-48384

None

Updated: 3 days, 6 hours ago
0 stars 0 fork 0 watcher
Born at : July 11, 2025, 6:26 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
vinieger/CVE-2025-48384-bad-nginx

None

Updated: 3 days, 20 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 3:48 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
vinieger/CVE-2025-48384-bad-nginx-submodule

None

Updated: 3 days, 20 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 3:39 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
altm4n/cve-2025-48384-hub

None

Shell

Updated: 3 days, 11 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 1:46 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
altm4n/cve-2025-48384

None

Updated: 3 days, 11 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 1:45 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
testsssssssss-sss/sasas

None

Updated: 3 days, 23 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 1:12 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
testsssssssss-sss/CVE-2025-48384

None

Updated: 4 days ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 12:57 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
altm4n/CVE-2025-48384

None

Updated: 4 days, 3 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 9:47 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
Alex0Young/tttt

None

Dockerfile

Updated: 4 days, 3 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 8:52 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
testdjshan/CVE-2025-48384

CVE-2025-48384

Updated: 4 days, 4 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 8:39 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
greatyy/CVE-2025-48384-p

None

Updated: 4 days, 5 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 7:42 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-48384 vulnerability anywhere in the article.

  • Daily CyberSecurity
Git Project Patches 3 Flaws: RCE, Arbitrary File Writes & Buffer Overflow

The Git Project has released updates addressing three significant vulnerabilities impacting Git versions up to v2.50.0, including one that could allow remote code execution during repository cloning, ... Read more

Published Date: Jul 09, 2025 (5 days, 11 hours ago)
CVE-2025-48386 CVE-2025-48385 CVE-2025-48384 CVE-2023-29007

The following table lists the changes that have been made to the CVE-2025-48384 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jul. 08, 2025

    Action Type Old Value New Value
    Added Description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
    Added CVSS V3.1 AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
    Added CWE CWE-59
    Added CWE CWE-436
    Added Reference https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-48384 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-48384 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Jul. 14, 2025 13:11