CVE-2025-48384 - Git Link Following Vulnerability
Project:Git
Product:Git
Date Added:2025-08-25Due Date:2025-09-15
Vulnerability Name
Git Link Following Vulnerability
Description
Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
https://access.redhat.com/errata/RHSA-2025:13933
https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html
https://linux.oracle.com/errata/ELSA-2025-11534.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384
https://nvd.nist.gov/vuln/detail/CVE-2025-48384
Related News Articles
CISA warns of actively exploited Git code execution flawAugust 26, 2025
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)August 26, 2025
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and GitAugust 26, 2025