SB2025071447 - Ubuntu update for git

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025071447

SB2025071447 - Ubuntu update for git

Published: July 14, 2025 Updated: September 17, 2025

Security Bulletin ID SB2025071447
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Medium 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Protection Mechanism Failure (CVE-ID: CVE-2025-27613)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in Gitk when cloning an untrusted repository and executing Gitk without additional command arguments. A remote attacker can abuse such behavior and overwrite or truncate any files on the system. 

Successful exploitation of the vulnerability requires that the "Support per-file encoding" option is enabled. 


2) Product UI does not warn user of unsafe actions (CVE-ID: CVE-2025-46835)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing notifications in Git GUI when performing potentially dangerous actions. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file.


3) Input validation error (CVE-ID: CVE-2025-27614)

The vulnerability allows a remote attacker to compromise the affected system.

A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure.


4) CRLF injection (CVE-ID: CVE-2025-48384)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.


5) Input validation error (CVE-ID: CVE-2025-48385)

The vulnerability allows a remote attacker to compromise the affected client.

The vulnerability exists due to insufficient validation of bundle-uri parameter when cloning a repository. A remote attacker can trick the victim into cloning a specially crafted repository, perform a protocol injection attack and write code to arbitrary locations on the system, leading to remote code execution. 


6) Buffer overflow (CVE-ID: CVE-2025-48386)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in wincred credential helper. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows.


Remediation

Install update from vendor's website.

References