Security Update News
Update Information
| Field | Value |
| --- | --- |
| Title | MITRE: CVE-2025-48384 Git Symlink Vulnerability |
| Update ID | MS:CVE-2025-48384 |
| Type | mscve |
| Published | 2025-07-08T07:00:00 |
| Last Updated | 2025-07-08T07:00:00 |
Security Impact
| Field | Value |
| --- | --- |
| CVSS Score | 8.0 |
| Severity | HIGH |
AI Analysis
| Field | Value |
| --- | --- |
| AI Description | A vulnerability in Git where trailing CRLF characters are mishandled, potentially leading to incorrect submodule paths and unintended execution of scripts via symlinks. |
| AI Severity | High |
| AI Vendor | Git Project Community |
| AI Product | Git |
| AI Version | Not specified |
Affected CVEs
Update Details
CVE-2025-48384 concerns a vulnerability in Git. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, so the CR is lost when the config is later read. When a submodule is initialized and its path contains a trailing CR, the altered path is read, and the submodule is checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. MITRE created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.
Please see CVE-2025-48384 for more information.
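As a defensive check for the condition described above, the following added example (not code from Git, MITRE or Microsoft) scans the bytes of a `.gitmodules` file and reports submodule paths whose value ends in a carriage return. The value reader is a simplified approximation of Git's config syntax, and the function names and the sample input are constructed for illustration.

```python
import re

SECTION = re.compile(rb'^\s*\[submodule\s+"(.*)"\]\s*$')
PATH_KEY = re.compile(rb'^\s*path\s*=\s*(.*)$', re.IGNORECASE)
ESCAPES = {ord("n"): b"\n", ord("t"): b"\t", ord("b"): b"\b"}

def parse_value(raw: bytes) -> bytes:
    """Simplified config value reader (assumption, not Git's parser): keeps
    whitespace inside quotes, drops comments and trailing space outside."""
    out, keep, in_quote, i = bytearray(), 0, False, 0
    while i < len(raw):
        c = raw[i]
        if c == ord("\\") and i + 1 < len(raw):
            out += ESCAPES.get(raw[i + 1], bytes([raw[i + 1]]))
            keep = len(out)
            i += 2
            continue
        if c == ord('"'):
            in_quote = not in_quote
        elif not in_quote and c in b"#;":
            break                      # comment starts outside quotes
        else:
            out.append(c)
            # Outside quotes a trailing CR is trimmed (CRLF line ending);
            # inside quotes it survives and becomes part of the path.
            if in_quote or c not in b" \t\r":
                keep = len(out)
        i += 1
    return bytes(out[:keep])

def find_cr_paths(gitmodules: bytes):
    """Return (submodule name, path) pairs whose path ends in a CR."""
    hits, name = [], None
    for line in gitmodules.split(b"\n"):
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            continue
        m = PATH_KEY.match(line)
        if m and name is not None:
            value = parse_value(m.group(1))
            if value.endswith(b"\r"):
                hits.append((name.decode(errors="replace"), value))
    return hits

# Constructed sample: "docs" only has CRLF line endings, "lib" has a quoted CR.
SAMPLE = (b'[submodule "docs"]\r\n\tpath = docs\r\n\turl = https://example.invalid/docs.git\r\n'
          b'[submodule "lib"]\n\tpath = "lib\r"\n\turl = https://example.invalid/lib.git\n')

if __name__ == "__main__":
    for name, path in find_cr_paths(SAMPLE):
        print(f"submodule {name!r}: path {path!r} ends with a carriage return")
```

A file that merely uses CRLF line endings is not reported; only a CR that survives inside the parsed path value is.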