Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Published

2025-07-10T15:15:29.503

Last Modified

2025-11-04T22:16:15.913

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.5 (HIGH)

Weaknesses

Type: Secondary
CWE-88

Affected Vendors & Products

References

https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da ([email protected])
https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg ([email protected])
http://www.openwall.com/lists/oss-security/2025/07/08/4 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)