CVE-2025-48384HIGH 8.0CISA KEVEPSS p84.5%

CVE-2025-48384Git Link Following Vulnerability

Git / Git

Description

Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.

Scoring

CVSS 3.18.0 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS2.77% probability of exploitation · percentile 84.5% · 2026-06-19T12:03:05Z
Published2025-07-08
Last modified2025-11-06

CISA KEV entry

Added to KEV: 2025-08-25

Underlying weaknesses· 2

CWE-59CWE-436

References

  1. https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
  2. http://seclists.org/fulldisclosure/2025/Sep/60
  3. http://www.openwall.com/lists/oss-security/2025/07/08/4
  4. https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html
  5. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384

2

TypeTargetConfidenceTier
WeaknessInterpretation Conflictcwe-4360%live
WeaknessImproper Link Resolution Before File Access ('Link Following')cwe-590%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryGit Link Following Vulnerabilitykev-cve-2025-483840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-46835
CVE
CVE-2025-26625
CVE
CVE-2025-8279
CVE
CVE-2025-4674
CVE
CVE-2026-3854
CVE
CVE-2025-9642
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.