{"id":59490,"date":"2025-07-19T11:59:28","date_gmt":"2025-07-19T11:59:28","guid":{"rendered":""},"modified":"2025-10-21T04:13:31","modified_gmt":"2025-10-21T10:13:31","slug":"cve-2025-46334-critical-vulnerability-in-git-gui-enables-potential-system-compromise","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46334-critical-vulnerability-in-git-gui-enables-potential-system-compromise\/","title":{"rendered":"<strong>CVE-2025-46334: Critical Vulnerability in Git GUI Enables Potential System Compromise<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The cybersecurity landscape is continuously evolving, with new vulnerabilities being discovered on a regular basis. One such vulnerability, identified as CVE-2025-46334, poses a significant risk to users of Git GUI, a popular interface for the Git source control management tools. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41666-watchdog-file-replacement-vulnerability-allowing-remote-access-and-control\/\"  data-wpil-monitor-id=\"66805\">vulnerability allows<\/a> a malicious repository to deliver harmful versions of sh.exe or typical textconv filter programs, such as astextplain, leading to potential system compromise or data leakage.<br \/>\nThis <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49688-double-free-vulnerability-in-windows-rras-opens-door-for-unauthorized-code-execution\/\"  data-wpil-monitor-id=\"67771\">vulnerability essentially stems from the design of Tcl on Windows<\/a>, where the search path for an executable always includes the current directory. This comes into action when the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9693-arbitrary-file-deletion-vulnerability-in-user-meta-user-profile-builder-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"90621\">user selects Git Bash or Browse Files<\/a> from the menu, consequently invoking the malicious programs. Given the widespread use of <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-46835-high-risk-vulnerability-in-git-gui-allows-unauthorized-file-overwrite\/\"  data-wpil-monitor-id=\"66804\">Git GUI<\/a>, this vulnerability could have far-reaching implications if not addressed promptly.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-46334<br \/>\nSeverity: Critical (8.6 CVSS Score)<br \/>\nAttack Vector: Remote<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-45346-sql-injection-vulnerability-in-bacula-web-resulting-in-potential-system-compromise\/\"  data-wpil-monitor-id=\"67850\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-4027075410\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Git GUI | Prior to 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, 2.50.1<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of a design flaw in Tcl on Windows, which always includes the current directory in the <a class=\"wpil_keyword_link\" href=\"https:\/\/www.ameeba.com\/pseudopod\"   title=\"search\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"90957\">search<\/a> path when looking for an executable. A malicious repository can then ship harmful versions of sh.exe or typical textconv filter programs, such as astextplain. These programs are invoked when the user selects Git Bash or Browse Files from the menu.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-2719987237\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>While the exact exploit code may vary, a conceptual example might look something like this:<\/p>\n<pre><code class=\"\" data-line=\"\"># Creating a malicious repository\ngit init malicious_repo\ncd malicious_repo\n# Creating a malicious sh.exe\necho &#039;echo You have been pwned&#039; &gt; sh.exe\n# Committing the malicious sh.exe to the repository\ngit add sh.exe\ngit commit -m &quot;Add sh.exe&quot;<\/code><\/pre>\n<p>When a user clones this repository and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58158-harness-open-source-git-lfs-server-vulnerability\/\"  data-wpil-monitor-id=\"85509\">opens it in Git<\/a> GUI, then selects Git Bash or Browse Files, the malicious sh.exe is executed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The cybersecurity landscape is continuously evolving, with new vulnerabilities being discovered on a regular basis. One such vulnerability, identified as CVE-2025-46334, poses a significant risk to users of Git GUI, a popular interface for the Git source control management tools. This vulnerability allows a malicious repository to deliver harmful versions of sh.exe or typical [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[82],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-59490","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-microsoft"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=59490"}],"version-history":[{"count":6,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59490\/revisions"}],"predecessor-version":[{"id":83913,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59490\/revisions\/83913"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=59490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=59490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=59490"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=59490"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=59490"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=59490"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=59490"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=59490"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=59490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}