Security Intelligence
Loading table of contents...
On August 25, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability affecting Git project to its Known Exploited Vulnerabilities catalog, noting its active exploitation.
The vulnerability, tracked as CVE-2025-48384, affects Git installations on macOS and Linux systems. Git project disclosed and patched the issue on July 8, 2025, assigning it a high-severity CVSS score of 8.1 out of 10.
It was addressed in Git versions:
- 2.43.7
- 2.44.4
- 2.45.4
- 2.46.4
- 2.47.3
- 2.48.2
- 2.49.1
- 2.50.1
This flaw exploits trust in the Git workflow. Threat actors could take control of the systems by tricking systems developers or automated build environments into cloning a malicious Git repository.
The attacker doesn’t need to compromise the user directly; instead, they would craft a repository that appears legitimate but contains malicious code. When a developer or CI/CD system clones it, Git’s flawed handling of certain characters allows the attacker’s code to be silently executed.
This could enable attackers to potentially tamper with software during development, steal credentials, or gain deeper access to internal infrastructure.
The vulnerability does not affect Windows systems due to differences in how they process certain special characters, but the risk remains elevated for organizations with mixed environments or open-source dependencies.
Proof-of-concept exploit code was released publicly within days of the patch, and security researchers demonstrated how the flaw could be weaponized in real-world scenarios.
Stay on top of emerging threats like this.
Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities.
Analyst insight
The vulnerability targets a foundational tool in modern software development, and its exploitation aligns with broader trends in supply chain attacks. Given the nature of the flaw, exploitation can occur without user awareness, making it an effective vector for supply chain compromise.
We recommend patching Git installations immediately and auditing environments for exposure. Security teams should verify Git versions across all developer endpoints and CI/CD infrastructure, prioritizing systems with elevated privileges or access to sensitive repositories.
Where immediate patching is not feasible, temporary workarounds include disabling submodule initialization or enforcing strict repository cloning policies. Organizations should validate Git usage across developer endpoints and CI/CD systems, restrict cloning from unknown sources, and ensure that Git activity is logged and reviewed.
