CVE-2025-46835 — Argument Injection in Git-gui

CWE-88 — Argument Injection CWE-476 — NULL Pointer Dereference12 documents6 sources

Severity

8.5HIGHNVD

OSV3.6

EPSS

0.0%

top 98.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

J6T Git-gui GIT Debian GIT +13 more

Timeline

PublishedJul 10

Description

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:LExploitability: 1.8 | Impact: 6.0

Affected Packages17 packages

▶debiandebian/git< git 1:2.39.5-0+deb12u3 (bookworm)

▶CVEListV5j6t/git-gui< 2.43.7+7

▶Debiangit/git< 1:2.30.2-1+deb11u5+3

▶Ubuntugit/git< 1:2.34.1-1ubuntu1.14+12

▶msrcmsrc/azure_linux_3.0_arm

🔴Vulnerability Details

OSV

CVE-2025-46835: Git GUI allows you to use the Git source control management tools via a GUI↗2025-07-10

▶

OSV

git regression↗2025-07-10

▶

OSV

git regression↗2025-07-09

▶

OSV

git vulnerabilities↗2025-07-08

▶

📋Vendor Advisories

Red Hat

git: Git GUI can create and overwrite files for which the user has write permission↗2025-07-10

▶

Ubuntu

Git regression↗2025-07-10

▶

Ubuntu

Git regression↗2025-07-09

▶

Ubuntu

Git vulnerabilities↗2025-07-08

▶

Microsoft

GitHub: CVE-2025-46835 Git File Overwrite Vulnerability↗2025-07-08

▶