CVE-2025-48384

Confirmed PUBLISHED

Git allows arbitrary code execution through broken config quoting

git · git

1 day faster than CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.0 High EPSS 2.8%

At a Glance

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

cisa
CVE Published
Jul 08, 2025
Exploitation Reported
Jun 01, 2026
CVSS
8.0 High
EPSS
2.8%
Remote

Affected Versions

Vendor Product Version Status
git
git

< 2.43.7

Affected
git
git

>= 2.44.0-rc0, < 2.44.4

Affected
git
git

>= 2.45.0-rc0, < 2.45.4

Affected
git
git

>= 2.46.0-rc0, < 2.46.4

Affected
git
git

>= 2.47.0-rc0, < 2.47.3

Affected
git
git

>= 2.48.0-rc0, < 2.48.2

Affected
git
git

>= 2.49.0-rc0, < 2.49.1

Affected
git
git

>= 2.50.0-rc0, < 2.50.1

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.