Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2025-46835

Опубликовано: 08 июл. 2025
Источник: msrc
EPSS Низкий

Описание

MITRE: CVE-2025-46835 Git File Overwrite Vulnerability

CVE-2025-46835 is regarding a vulnerability in Git GUI where when a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file. MITRE created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability.

Please see CVE-2025-46835 for more information.

Обновления

ПродуктСтатьяОбновление
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Release Notes
Security Update
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.8
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.10
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.12
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.14
Release Notes
Security Update

Показывать по

Возможность эксплуатации

DOS

N/A

EPSS

Процентиль: 4%
0.00022
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-46835

CVSS3: 8.5
ubuntu
около 1 месяца назад

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

redhat логотип

CVE-2025-46835

CVSS3: 3.1
redhat
около 1 месяца назад

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

nvd логотип

CVE-2025-46835

CVSS3: 8.5
nvd
около 1 месяца назад

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

debian логотип

CVE-2025-46835

CVSS3: 8.5
debian
около 1 месяца назад

Git GUI allows you to use the Git source control management tools via ...

fstec логотип

BDU:2025-09361

CVSS3: 8.5
fstec
около 1 месяца назад

Уязвимость графический интерфейс пользователя Git GUI, связанная с внедрением или модификацией аргументов, позволяющая нарушителю создавать или перезаписывать произвольные файлы

EPSS

Процентиль: 4%
0.00022
Низкий