Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-46835

Published: July 10, 2025Last modified: August 6, 2025

Description

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Severity score breakdown

ParameterValue
Base score8.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactLOW
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgitFixed (2.43.7-r0)
25 LTSgitFixed (2.49.1-r0)
StreamgitFixed (2.50.1-r0)

References

ON THIS PAGE