Git arbitrary file write in submodule cloning actively exploited remote code execution flaw (CVE-2025-48384)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-48384 in Git is being exploited in attacks, creating urgent risk of arbitrary file writes and possible remote code execution on macOS and Linux systems that clone repositories with submodules. The flaw affects cloning with the `recursive` flag, where malformed submodule paths can redirect writes to unexpected locations. CISA added the bug to its KEV catalog and ordered federal agencies to patch it by September 15.
Timeline
-
26.08.2025 11:08 1 articles · 9mo ago
Git fixes CVE-2025-48384 and Datadog flags a public PoC
Technical Analysis UpdateGit releases fixes for CVE-2025-48384 in versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1 after an arbitrary file write flaw is identified in repository cloning with submodules that use the recursive flag. Datadog also warns that proof-of-concept code targeting the bug has been released, and that malicious .gitmodules paths ending in a carriage return can redirect submodule contents and produce arbitrary writes across the filesystem.
Show sources
- Organizations Warned of Exploited Git Vulnerability — www.securityweek.com — 26.08.2025 11:08
-
26.08.2025 11:08 1 articles · 9mo ago
CISA adds CVE-2025-48384 to KEV and orders patching
Legal Policy Action UpdateCISA warns that CVE-2025-48384 in Git is being exploited in attacks, adds it to the Known Exploited Vulnerabilities catalog, and directs federal agencies to patch by September 15 under BOD 22-01. The flaw affects macOS and Linux systems, while Windows machines are immune, so organizations using vulnerable Git deployments are advised to apply the fixed versions and follow KEV guidance.
Show sources
- Organizations Warned of Exploited Git Vulnerability — www.securityweek.com — 26.08.2025 11:08