CVE-2025-66413

CWE-200 — Information Exposure4 documents4 sources

Severity

7.4HIGH

EPSS

0.0%

top 89.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Git-for-windows GIT

Timeline

PublishedMar 10

Description

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5git-for-windows/git< 2.53.0(2)

🔴Vulnerability Details

CVEList

Git for Windows leaks NTLM hash when cloning from an attacker-controlled server↗2026-03-10

▶

📋Vendor Advisories

Microsoft

Git for Windows leaks NTLM hash when cloning from an attacker-controlled server↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66413 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶