Overview
In the dynamic world of cybersecurity, the discovery of a high-risk vulnerability in the popular source control management tool, Git GUI, raises serious concerns for users and administrators alike. This vulnerability, identified as CVE-2025-46835, poses a significant threat to any user who clones untrusted repositories and can lead to potential system compromise or data leakage.
The vulnerability affects a wide range of users due to the widespread use of Git GUI in software development. Being a tool that allows developers to interact with Git via a Graphical User Interface, the implications of this vulnerability are far-reaching, affecting individual developers, large software development teams, and organizations that rely on Git for version control.
Vulnerability Summary
CVE ID: CVE-2025-46835
Severity: High-Risk (CVSS: 8.5)
Attack Vector: Network
Privileges Required: None
User Interaction: Required
Impact: System Compromise, Data Leakage
Affected Products
Share secrets securely
Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.
Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.
- • Encrypted identity
- • Private Spaces for organizations and teams
- • End-to-end encrypted chat, calls, files, and notes
- • Sensitive AI work and protected collaboration
- • Built for information that cannot leak
Our mission is to secure human work alongside AI.
Product | Affected Versions
Git GUI | Prior to 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, 2.50.1
How the Exploit Works
The vulnerability lies within the functionality of Git GUI that allows users to edit files within the repository. When a user is tricked into cloning an untrusted repository and editing a file located in a maliciously named directory, Git GUI can create and overwrite files for which the user has write permission. By exploiting this vulnerability, an attacker can manipulate the file system on the user’s machine, potentially leading to system compromise or data leakage.
Conceptual Example Code
Here is a conceptual example of how the vulnerability might be exploited. An attacker could create a malicious repository with a specially crafted directory and file:
mkdir ../../../tmp/exploit
echo "malicious code" > ../../../tmp/exploit/exploit.txt
git add .
git commit -m "CVE-2025-46835 exploit"An unsuspecting user could then clone this repository and be tricked into editing the `exploit.txt` file. Git GUI would then overwrite the file at `/tmp/exploit/exploit.txt` with the contents of the edited file.
Mitigation
To mitigate this vulnerability, users are strongly advised to update Git GUI to the latest patched versions: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1. If updating is not immediately possible, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can provide temporary mitigation. Additionally, users should be wary of cloning untrusted repositories and editing files within them.