{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48385", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-19T15:46:00.397Z", "datePublished": "2025-07-08T18:23:44.405Z", "dateUpdated": "2025-07-08T18:38:41.309Z"}, "containers": {"cna": {"title": "Git alllows arbitrary file writes via bundle-uri parameter injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "lang": "en", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"}], "affected": [{"vendor": "git", "product": "git", "versions": [{"version": "< 2.43.7", "status": "affected"}, {"version": ">= 2.44.0-rc0, < 2.44.4", "status": "affected"}, {"version": ">= 2.45.0-rc0, < 2.45.4", "status": "affected"}, {"version": ">= 2.46.0-rc0, < 2.46.4", "status": "affected"}, {"version": ">= 2.47.0-rc0, < 2.47.3", "status": "affected"}, {"version": ">= 2.48.0-rc0, < 2.48.2", "status": "affected"}, {"version": ">= 2.49.0-rc0, < 2.49.1", "status": "affected"}, {"version": ">= 2.50.0-rc0, < 2.50.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-08T18:23:44.405Z"}, "descriptions": [{"lang": "en", "value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."}], "source": {"advisory": "GHSA-m98c-vgpc-9655", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T18:38:28.946672Z", "id": "CVE-2025-48385", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T18:38:41.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48385", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-08T18:38:28.946672Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T18:38:32.833Z"}}], "cna": {"title": "Git alllows arbitrary file writes via bundle-uri parameter injection", "source": {"advisory": "GHSA-m98c-vgpc-9655", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "git", "product": "git", "versions": [{"status": "affected", "version": "< 2.43.7"}, {"status": "affected", "version": ">= 2.44.0-rc0, < 2.44.4"}, {"status": "affected", "version": ">= 2.45.0-rc0, < 2.45.4"}, {"status": "affected", "version": ">= 2.46.0-rc0, < 2.46.4"}, {"status": "affected", "version": ">= 2.47.0-rc0, < 2.47.3"}, {"status": "affected", "version": ">= 2.48.0-rc0, < 2.48.2"}, {"status": "affected", "version": ">= 2.49.0-rc0, < 2.49.1"}, {"status": "affected", "version": ">= 2.50.0-rc0, < 2.50.1"}]}], "references": [{"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655", "name": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-08T18:23:44.405Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48385", "state": "PUBLISHED", "dateUpdated": "2025-07-08T18:38:41.309Z", "dateReserved": "2025-05-19T15:46:00.397Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-08T18:23:44.405Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."}, {"lang": "es", "value": "Git es un sistema de control de revisiones distribuido, r\u00e1pido y escalable, con un conjunto de comandos excepcionalmente completo que proporciona operaciones de alto nivel y acceso completo a su funcionamiento interno. Al clonar un repositorio, Git puede obtener opcionalmente un paquete anunciado por el servidor remoto, lo que permite al servidor transferir partes del clon a una CDN. El cliente Git no realiza una validaci\u00f3n suficiente de los paquetes anunciados, lo que permite al servidor remoto realizar una inyecci\u00f3n de protocolo. Esta inyecci\u00f3n de protocolo puede provocar que el cliente escriba el paquete obtenido en una ubicaci\u00f3n controlada por el atacante. El contenido obtenido est\u00e1 totalmente controlado por el servidor, lo que, en el peor de los casos, puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. El uso de URI de paquete no est\u00e1 habilitado por defecto y se puede controlar mediante la opci\u00f3n de configuraci\u00f3n bundle.heuristic. En algunos casos de vulnerabilidad, el atacante debe controlar la ubicaci\u00f3n de clonaci\u00f3n de un repositorio. Esto requiere ingenier\u00eda social o una clonaci\u00f3n recursiva con subm\u00f3dulos. Por lo tanto, estos casos se pueden evitar deshabilitando las clonaciones recursivas. Esta vulnerabilidad se ha corregido en v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 y v2.50.1."}], "id": "CVE-2025-48385", "lastModified": "2025-07-10T13:18:53.830", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-07-08T19:15:43.097", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}, {"lang": "en", "value": "CWE-88"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "git: Git arbitrary file writes", "id": "2378808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "(CWE-73|CWE-88)", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-48385", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "git", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "git", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "git", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "git", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "git", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/code-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}], "public_date": "2025-07-08T18:23:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-48385\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48385\nhttps://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"], "statement": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git's bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).", "threat_severity": "Important"}