Vulnerability Unveiled for Critical Arbitrary File Writing in Git Command Line Interface (CVE-2025-48384)
In a recent development, a high-severity vulnerability, CVE-2025-48384, has been discovered in Git, affecting certain versions of the Git CLI for macOS and Linux. This vulnerability allows threat actors to execute malicious code when cloning repositories, posing a significant supply chain risk, particularly for developers who work with third-party code.
The vulnerability stems from Git stripping trailing carriage return characters when reading config values and failing to quote them when writing. This can lead to unexpected code execution when cloning repositories, especially when combined with a symlink pointing to the submodule hooks directory and an executable post-checkout hook.
To mitigate this risk, it is advised to follow organizational patching and testing guidelines to minimize potential operational impact. Arctic Wolf recommends upgrading to the latest fixed versions of Git CLI for macOS and Linux (v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1 and later versions) to address CVE-2025-48384.
It is crucial to avoid cloning untrusted repositories in sensitive environments due to the risk of unexpected supply chain issues. Additionally, using the switch in the clone command should be avoided to prevent this vulnerability from being exploited.
Datadog has confirmed the availability of a proof-of-concept exploit for this vulnerability, and the GitHub announcement for this issue can be found here. Technical details about the vulnerability can be found here.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated Git on July 8, 2025, to fix the high-severity vulnerability. The Git project also released new versions to address CVE-2025-48384 on the same date.
Upgrading Git on a Mac requires updating your PATH to use the new version, as the system version at is not replaced by installing a newer version. Arctic Wolf's threat intelligence is utilized to harden attack surfaces and stop threats earlier and faster.
Understanding the threat landscape and ways to better defend organizations can be gleaned from the 2025 Arctic Wolf Threat Report. It is essential to stay vigilant and proactive in securing your environment against such vulnerabilities.
){kind=link}