Git vulnerability allowing arbitrary code execution through malicious repositories with crafted submodule paths. Requires user interaction (git clone --recursive) and primarily affects client-side Git operations rather than internet-facing server applications.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: USER_INTERACTION
CVE Published: 2025-07-08
Added to CISA KEV: 2025-08-25 (48 days between CVE and KEV)
Successful exploitation could allow a remote attacker to execute arbitrary code upon cloning a Git repository. CVE-2025-48384 stems from ...
The US cybersecurity agency CISA on Monday warned that a recent vulnerability in Git has been exploited in attacks, urging its immediate patching. The flaw, tracked as CVE-2025-48384 (CVSS score of 8.1), is described as an arbitrary file write during the cloning of repositories with submodules that use a "recursive" flag.
Root Security Bulletin: CVE-2025-48384 - Critical Git Vulnerability Actively Exploited. Date: August 26, 2025. Severity: High (CVSS v3.1 Score: 8.0). Overview. Technical Details. The vulnerability arises from an inconsistency in Git's configuration parsing logic
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers.
Description. CVE-2025-48384 describes a vulnerability in Git related to the handling of trailing carriage return characters in submodule paths during initialization. This can lead to a scenario where a post-checkout hook is unintentionally executed, potentially allowing malicious code execution.