CVE-2025-46835

Summary

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Affected Software

VendorProductVersion RangeStatus
j6tgit-gui< 2.43.7affected
j6tgit-gui>= 2.44.0, < 2.44.4affected
j6tgit-gui>= 2.45.0, < 2.45.4affected
j6tgit-gui>= 2.46.0, < 2.46.4affected
j6tgit-gui>= 2.47.0, < 2.47.3affected
j6tgit-gui>= 2.48.0, < 2.48.2affected
j6tgit-gui>= 2.49.0, < 2.49.1affected
j6tgit-gui>= 2.50.0, < 2.50.1affected

Weaknesses

  • CWE-88: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References