CVE-2025-22620
published 2025-01-20

Priority: P4 (20)
CVSS 3.1: 5.0 (medium), vector AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.36% (28.0th percentile)
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0.
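The mechanism behind this advisory is a difference between two POSIX calls: a mode passed to open(2) is filtered by the process umask, while chmod(2) sets the bits exactly as given. The following is an added example, not gitoxide's own code (the page does not show which gix-worktree-state code path was affected); it creates an executable file three ways on Linux, reads back the resulting mode, and contrasts the flawed chmod(2)-to-0o777 approach with a hardened variant that derives the executable mode from the bits the umask already produced (adding an execute bit only where the matching read bit is set). The scratch path under the temp directory and the shell-script contents are assumptions for the demo; the modes quoted in the comments assume umask 022.

```rust
use std::fs::{self, OpenOptions, Permissions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Permission bits of `path`, masked to the rwx triplet.
pub fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// The property the advisory is about: is the "other" write bit set?
pub fn is_world_writable(mode: u32) -> bool {
    mode & 0o002 != 0
}

/// Baseline: a plain file written with the default 0o666 request,
/// i.e. exactly what the umask leaves behind (0o644 under umask 022).
pub fn create_plain(path: &Path) -> io::Result<u32> {
    let _ = fs::remove_file(path); // an existing file would keep its old mode
    fs::write(path, b"data\n")?;
    mode_of(path)
}

/// Strategy 1: hand the mode to open(2). The kernel applies the umask,
/// so a requested 0o777 lands as 0o755 under umask 022.
pub fn create_exec_via_open(path: &Path) -> io::Result<u32> {
    let _ = fs::remove_file(path);
    let mut f = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o777)
        .open(path)?;
    f.write_all(b"#!/bin/sh\necho hi\n")?; // constructed sample content
    mode_of(path)
}

/// Strategy 2 (the flaw the advisory describes): write the file, then
/// chmod(2) it to 0o777. chmod is not subject to the umask, so the file
/// ends up 0o777 and world-writable whatever the umask says.
pub fn create_exec_via_chmod(path: &Path) -> io::Result<u32> {
    let _ = fs::remove_file(path);
    fs::write(path, b"#!/bin/sh\necho hi\n")?;
    fs::set_permissions(path, Permissions::from_mode(0o777))?;
    mode_of(path)
}

/// Hardened derivation: start from the umask-filtered bits and add an
/// execute bit wherever the corresponding read bit is set (0o644 -> 0o755,
/// 0o600 -> 0o700). Nothing the umask removed is ever added back.
pub fn exec_mode_from(mode: u32) -> u32 {
    let readable = mode & 0o444;
    (mode | (readable >> 2)) & 0o777
}

/// Strategy 3: chmod(2) is still used, but only to a mode derived from the
/// bits the umask already produced, so the result stays umask-respecting.
pub fn create_exec_hardened(path: &Path) -> io::Result<u32> {
    let _ = fs::remove_file(path);
    fs::write(path, b"#!/bin/sh\necho hi\n")?;
    let current = mode_of(path)?;
    fs::set_permissions(path, Permissions::from_mode(exec_mode_from(current)))?;
    mode_of(path)
}

/// Scratch file under the temp directory (assumed location for the demo).
pub fn scratch(name: &str) -> PathBuf {
    std::env::temp_dir().join(format!("cve-2025-22620-{}-{}", std::process::id(), name))
}

fn main() -> io::Result<()> {
    let results = [
        ("plain fs::write (0o666 request)", create_plain(&scratch("plain"))?),
        ("open(2) with mode 0o777", create_exec_via_open(&scratch("open"))?),
        ("chmod(2) to 0o777 (the flaw)", create_exec_via_chmod(&scratch("chmod"))?),
        ("hardened chmod", create_exec_hardened(&scratch("hardened"))?),
    ];
    for (label, mode) in &results {
        println!(
            "{label:<34} -> {mode:04o}  world-writable: {}",
            is_world_writable(*mode)
        );
    }
    Ok(())
}
```

Run it once with `umask 022` and once with `umask 077` in the invoking shell: the open(2) and hardened rows follow the umask (0o755 / 0o700), while the chmod(2)-to-0o777 row stays at 0o777 both times. When auditing a checkout or installer for this class of bug, grep for absolute modes handed to chmod/set_permissions rather than for the literal 0777; any absolute mode passed there bypasses the umask.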

Affected

2 ranges
Vendor        Product                  Version range                               Fixed in
debian        rust-gix-worktree-state  < rust-gix-worktree-state 0.11.1-2 (forky)  rust-gix-worktree-state 0.11.1-2 (forky)
gitoxidelabs  gitoxide                 < 0.17.0                                    0.17.0

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     5.0    MEDIUM    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
osv            -        5.0    MEDIUM    -
vendor_debian  -        5.0    MEDIUM    -