CVE-2025-27614 · HIGH 8.6 · EPSS percentile 22.9%


Description

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.
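The advisory gives two actionable facts: the affected and fixed release ranges, and that the trigger is a file name with a "particular structure" passed as an argument to gitk. Below is an added pre-flight check (not code from gitk, from the advisory, or from the linked commit) that turns both into something a practitioner can run against an untrusted clone before opening it. It assumes, beyond what the page states, that the structure in question is Tcl's documented `open` syntax, under which a file name whose first character is `|` is treated as a command pipeline rather than a file; the script name `gitk-precheck.sh` and the 2.41.0 cut-off for the pre-affected range are taken from the description above.

```shell
#!/bin/sh
# gitk-precheck.sh (hypothetical name): two checks before running
# `gitk <filename>` in a clone you do not trust.
#
# Assumption (not stated on the page): the dangerous "particular structure"
# is a leading "|", which Tcl's `open` command documents as "treat the rest
# of the name as a command pipeline". A tracked file literally named
# "|evil.sh" would then be executed, not opened, by a vulnerable gitk.

# gitk_safe VERSION
#   Exit 0 if a git/gitk of VERSION is not affected or carries the fix,
#   1 if it is in the affected range. Fixed releases per the advisory:
#   2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 and 2.50;
#   2.41.x and 2.42.x have no fixed point release listed, so they count
#   as affected. Releases before 2.41.0 are not affected.
gitk_safe() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0          # "2.50" has no patch part
    minor=${minor%%[!0-9]*}                     # drop "-rc1" style suffixes
    patch=${patch%%[!0-9]*}                     # drop ".windows.1", "-rc1"
    [ -z "$patch" ] && patch=0

    # Only the 2.x line is covered by the advisory; anything else is either
    # older than 2.41.0 or newer than 2.50 and so outside the affected range.
    [ "$major" -ne 2 ] && return 0
    [ "$minor" -lt 41 ] && return 0
    [ "$minor" -ge 50 ] && return 0

    case "$minor" in
        41|42)    return 1 ;;   # affected, no fixed point release listed
        43)       need=7 ;;
        44|45|46) need=4 ;;
        47)       need=3 ;;
        48)       need=2 ;;
        49)       need=1 ;;
    esac
    [ "$patch" -ge "$need" ]
}

# find_pipe_paths
#   Read repository paths, one per line (e.g. the output of
#   `git ls-tree -r --name-only HEAD`), and print every path whose final
#   component begins with "|". The basename is what matters because a user
#   may cd into a subdirectory and pass the bare file name to gitk.
find_pipe_paths() {
    while IFS= read -r p; do
        base=${p##*/}
        case "$base" in
            "|"*) printf '%s\n' "$p" ;;
        esac
    done
}

# Stand-alone use: sh gitk-precheck.sh /path/to/clone
# With no arguments the script only defines the two functions.
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    gitver=$(git --version 2>/dev/null | sed 's/^git version //')
    if gitk_safe "$gitver"; then
        echo "git $gitver: outside the affected range for CVE-2025-27614"
    else
        echo "git $gitver: AFFECTED by CVE-2025-27614, upgrade before using gitk"
    fi
    hits=$(git -C "$1" ls-tree -r --name-only HEAD | find_pipe_paths)
    if [ -n "$hits" ]; then
        echo "tracked paths that Tcl 'open' would run as a pipeline:"
        echo "$hits"
    fi
fi
```

The version check deliberately treats 2.41.x and 2.42.x as affected even at their latest patch level, because the advisory lists no fixed release for those branches; the only remedy there is moving to a fixed branch. The path scan is a heuristic for the assumption stated above and is no substitute for upgrading.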

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.31% probability of exploitation · percentile 22.9% · 2026-06-18T12:00:27Z
Published: 2025-07-10
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-78

References

  1. https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129
  2. https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc
  3. http://www.openwall.com/lists/oss-security/2025/07/08/4


Type     | Target                                                                                        | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-46334
  2. CVE-2025-46835
  3. CVE-2026-42215
  4. CVE-2026-42284
  5. CVE-2026-11572
  6. CVE-2025-55037
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.