← voltar
CVE-2025-48384

Git allows arbitrary code execution through broken config quoting

CVSS 8.1 HIGHEPSS 2.8%● KEVCWE-436CWE-59
Em resumo

Git não aspas corretamente valores de configuração com retorno de carro no final, fazendo submódulos serem clonados em locais errados. Se um link simbólico aponta para o diretório de hooks do Git, um atacante consegue enganar o Git para executar scripts maliciosos durante a configuração do submódulo.

Detalhe técnico

Ao ler valores de configuração, Git remove caracteres CRLF, mas não aspas valores com CR final ao escrever, causando interpretação incorreta do caminho durante inicialização de submódulo. Um atacante pode preparar um repositório com caminho de submódulo contendo CR que, combinado com link simbólico apontando para o diretório hooks, dispara execução não intencional de scripts post-checkout. Requer que usuário clone repositório malicioso ou atualize submódulos (CWE-436: Conflito de Interpretação, CWE-59: Resolução Inadequada de Link).

Resumo gerado e traduzido por IA a partir da descrição oficial.
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
git · git
PoCs públicas encontradas43
githubgithub.com/acheong08/CVE-2025-4838452githubgithub.com/liamg/CVE-2025-4838421githubgithub.com/zr0n/CVE-2025-48384-main1githubgithub.com/zr0n/CVE-2025-48384-sub1githubgithub.com/IK-20211125/CVE-2025-483841githubgithub.com/vinieger/vinieger-CVE-2025-48384-Dockerfile1githubgithub.com/beishanxueyuan/CVE-2025-48384-test1githubgithub.com/ppd520/CVE-2025-483840githubgithub.com/NigelX/CVE-2025-483840githubgithub.com/greatyy/CVE-2025-48384-p0githubgithub.com/testdjshan/CVE-2025-483840githubgithub.com/altm4n/cve-2025-483840githubgithub.com/altm4n/cve-2025-48384-hub0githubgithub.com/p1026/CVE-2025-483840githubgithub.com/simplyfurious/CVE-2025-48384-submodule_test0githubgithub.com/Anezatraa/CVE-2025-48384-submodule0githubgithub.com/elprogramadorgt/CVE-2025-483840githubgithub.com/f1shh/CVE-2025-483840githubgithub.com/fluoworite/CVE-2025-483840githubgithub.com/fluoworite/CVE-2025-48384-sub0githubgithub.com/beishanxueyuan/CVE-2025-483840githubgithub.com/replicatorbot/CVE-2025-483840githubgithub.com/replicatorbot/CVE-2025-48384-POC0githubgithub.com/eliox01/CVE-2025-483840githubgithub.com/jacobholtz/CVE-2025-48384-poc0githubgithub.com/jacobholtz/CVE-2025-48384-submodule0githubgithub.com/butyraldehyde/CVE-2025-48384-PoC-Part20githubgithub.com/butyraldehyde/CVE-2025-48384-PoC0githubgithub.com/arun1033/CVE-2025-483840githubgithub.com/s41r4j/CVE-2025-483840githubgithub.com/s41r4j/CVE-2025-48384-submodule0githubgithub.com/vignesh21-git/CVE-2025-483840githubgithub.com/vignesh21-git/CVE-2025-48384-submodule0githubgithub.com/DayDayDayDreaming/backup-exec-cve-483840githubgithub.com/sathish46-lab/CVE-2025-48384-submodule0githubgithub.com/ECHO6789/CVE-2025-48384-submodule0githubgithub.com/Fomovet/cve-2025-483840githubgithub.com/nguyentranbaotran/cve-2025-48384-poc0githubgithub.com/admin-ping/CVE-2025-48384-RCE0githubgithub.com/fishyyh/CVE-2025-483840githubgithub.com/kallydev/cve-2025-48384-hook0githubgithub.com/fishyyh/CVE-2025-48384-POC0githubgithub.com/liamg/CVE-2025-48384-submodule0
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://seclists.org/fulldisclosure/2025/Sep/60https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9https://lists.debian.org/debian-lts-announce/2025/10/msg00003.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384http://www.openwall.com/lists/oss-security/2025/07/08/4