{"id":59490,"date":"2025-07-19T11:59:28","date_gmt":"2025-07-19T11:59:28","guid":{"rendered":""},"modified":"2025-10-21T04:13:31","modified_gmt":"2025-10-21T10:13:31","slug":"cve-2025-46334-critical-vulnerability-in-git-gui-enables-potential-system-compromise","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46334-critical-vulnerability-in-git-gui-enables-potential-system-compromise\/","title":{"rendered":"<strong>CVE-2025-46334: Critical Vulnerability in Git GUI Enables Potential System Compromise<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The cybersecurity landscape is continuously evolving, with new vulnerabilities being discovered on a regular basis. One such vulnerability, identified as CVE-2025-46334, poses a significant risk to users of Git GUI, a popular interface for the Git source control management tools. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41666-watchdog-file-replacement-vulnerability-allowing-remote-access-and-control\/\"  data-wpil-monitor-id=\"66805\">vulnerability allows<\/a> a malicious repository to deliver harmful versions of sh.exe or typical textconv filter programs, such as astextplain, leading to potential system compromise or data leakage.<br \/>\nThis <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49688-double-free-vulnerability-in-windows-rras-opens-door-for-unauthorized-code-execution\/\"  data-wpil-monitor-id=\"67771\">vulnerability essentially stems from the design of Tcl on Windows<\/a>, where the search path for an executable always includes the current directory. This comes into action when the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9693-arbitrary-file-deletion-vulnerability-in-user-meta-user-profile-builder-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"90621\">user selects Git Bash or Browse Files<\/a> from the menu, consequently invoking the malicious programs. Given the widespread use of <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-46835-high-risk-vulnerability-in-git-gui-allows-unauthorized-file-overwrite\/\"  data-wpil-monitor-id=\"66804\">Git GUI<\/a>, this vulnerability could have far-reaching implications if not addressed promptly.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-46334<br \/>\nSeverity: Critical (8.6 CVSS Score)<br \/>\nAttack Vector: Remote<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-45346-sql-injection-vulnerability-in-bacula-web-resulting-in-potential-system-compromise\/\"  data-wpil-monitor-id=\"67850\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2736371572\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>Git GUI | Prior to 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, 2.50.1<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of a design flaw in Tcl on Windows, which always includes the current directory in the <a class=\"wpil_keyword_link\" href=\"https:\/\/www.ameeba.com\/pseudopod\"   title=\"search\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"90957\">search<\/a> path when looking for an executable. A malicious repository can then ship harmful versions of sh.exe or typical textconv filter programs, such as astextplain. These programs are invoked when the user selects Git Bash or Browse Files from the menu.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3854570852\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>While the exact exploit code may vary, a conceptual example might look something like this:<\/p>\n<pre><code class=\"\" data-line=\"\"># Creating a malicious repository\ngit init malicious_repo\ncd malicious_repo\n# Creating a malicious sh.exe\necho &#039;echo You have been pwned&#039; &gt; sh.exe\n# Committing the malicious sh.exe to the repository\ngit add sh.exe\ngit commit -m &quot;Add sh.exe&quot;<\/code><\/pre>\n<p>When a user clones this repository and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58158-harness-open-source-git-lfs-server-vulnerability\/\"  data-wpil-monitor-id=\"85509\">opens it in Git<\/a> GUI, then selects Git Bash or Browse Files, the malicious sh.exe is executed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The cybersecurity landscape is continuously evolving, with new vulnerabilities being discovered on a regular basis. One such vulnerability, identified as CVE-2025-46334, poses a significant risk to users of Git GUI, a popular interface for the Git source control management tools. This vulnerability allows a malicious repository to deliver harmful versions of sh.exe or typical [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[82],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-59490","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-microsoft"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=59490"}],"version-history":[{"count":6,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59490\/revisions"}],"predecessor-version":[{"id":83913,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59490\/revisions\/83913"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=59490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=59490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=59490"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=59490"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=59490"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=59490"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=59490"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=59490"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=59490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}