⚠ Actively exploited
Added to CISA KEV on 2025-08-25. Federal agencies required to patch by 2025-09-15. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-48384
Severity
8.0 HIGH
EPSS
0.5%
top 35.33%
CISA KEV
Added 2025-08-25
Due 2025-09-15
Exploit
No known exploits
Affected products
Timeline
Published: Jul 8
KEV added: Aug 25
KEV due: Sep 15
Description
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 6.0
Affected Packages: 4 packages
Also affects: Debian Linux 11.0
Vulnerability Details
OSV: CVE-2025-48384 (2025-07-08)