CVE-2025-48384

Improper Link Resolution Before File Access ('Link Following')

Published: Jul 08, 2025 | Modified: Jul 10, 2025
CVSS 3.x (NVD): N/A
RedHat/V3: 8 IMPORTANT (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Ubuntu: MEDIUM

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
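The defect described above is a write/read asymmetry: the reader strips a trailing CR, the writer emits values bare, so a path ending in CR survives one read but not the round trip through the written config. The following is an added example, not Git's own code or parser: a minimal model of a git-config-style writer and reader that reproduces the round-trip loss, the corrected writer that quotes such values, and a defender check that reports submodule path values containing control characters. Function names, the quoting rules and the sample `.gitmodules` text are assumptions for illustration.

```python
# Added example (not Git's own code): a minimal model of the config write/read
# round trip behind CVE-2025-48384, plus a defender check over .gitmodules text.
# Function names, quoting rules and the sample file are assumptions for
# illustration; Git's real config parser and writer are more involved.

# Characters that the corrected writer treats as requiring a quoted value.
NEEDS_QUOTING = set('\r\n\t"\\#;')


def write_entry_vulnerable(key: str, value: str) -> str:
    """Defective writer: a value with a trailing CR is written bare, so the
    CR is indistinguishable from line-ending noise when the file is read back."""
    return f"{key} = {value}\n"


def write_entry_fixed(key: str, value: str) -> str:
    """Corrected writer: quote any value the bare form would mangle."""
    if not value or value != value.strip() or NEEDS_QUOTING & set(value):
        escaped = (value.replace("\\", "\\\\")
                        .replace('"', '\\"')
                        .replace("\n", "\\n")
                        .replace("\t", "\\t"))
        # CR has no escape sequence here; inside quotes the reader keeps it as-is.
        return f'{key} = "{escaped}"\n'
    return f"{key} = {value}\n"


_UNESCAPE = {"n": "\n", "t": "\t", '"': '"', "\\": "\\"}


def read_entry(line: str) -> tuple[str, str]:
    """Model reader: bare values lose trailing whitespace, CR and LF; quoted
    values are returned exactly as stored (with escapes decoded)."""
    key, _, raw = line.partition("=")
    key = key.strip()
    raw = raw.lstrip(" \t")
    if not raw.startswith('"'):
        return key, raw.rstrip(" \t\r\n")
    out, i = [], 1
    while i < len(raw) and raw[i] != '"':
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(_UNESCAPE.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return key, "".join(out)


def round_trip(writer, value: str) -> str:
    """Write a submodule path with the given writer and read it back."""
    return read_entry(writer("submodule.lib.path", value))[1]


def find_control_chars_in_paths(gitmodules_text: str) -> list[str]:
    """Defender check: names of submodule sections whose path value contains a
    control character (CR, LF, ...) once read, whether bare or quoted."""
    flagged, section = [], None
    for line in gitmodules_text.split("\n"):
        stripped = line.strip()
        if stripped.startswith('[submodule "') and stripped.endswith('"]'):
            section = stripped[len('[submodule "'):-2]
            continue
        key = line.partition("=")[0].strip()
        if key != "path" or section is None:
            continue
        # Inspect the raw remainder, not the stripped one, so a bare trailing
        # CR is still visible; quoted values are decoded by read_entry.
        raw_value = line.partition("=")[2].lstrip(" \t")
        value = read_entry(line)[1] if raw_value.startswith('"') else raw_value
        if any(ord(ch) < 0x20 for ch in value):
            flagged.append(section)
    return flagged


# Constructed sample .gitmodules: the "lib" path carries a hidden trailing CR.
SAMPLE_GITMODULES = (
    '[submodule "lib"]\n'
    '\tpath = "lib\r"\n'
    '\turl = https://example.invalid/lib.git\n'
    '[submodule "docs"]\n'
    '\tpath = docs\n'
    '\turl = https://example.invalid/docs.git\n'
)

if __name__ == "__main__":
    print("vulnerable round trip:", repr(round_trip(write_entry_vulnerable, "lib\r")))
    print("fixed round trip:     ", repr(round_trip(write_entry_fixed, "lib\r")))
    print("flagged submodules:   ", find_control_chars_in_paths(SAMPLE_GITMODULES))
```

The vulnerable writer turns `"lib\r"` into `"lib"` after one write and read, which is the altered path the description refers to; the corrected writer keeps the value intact by quoting it. The check reports any submodule whose path decodes to a value containing a control character; a `.gitmodules` file saved with CRLF line endings throughout will also be reported, which is worth surfacing rather than silently accepting.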

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name | Vendor | Start Version | End Version
Red Hat Enterprise Linux 10 | RedHat | git-0:2.47.3-1.el10_0 | *
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | git-0:1.8.3.1-25.el7_9.1 | *
Red Hat Enterprise Linux 8 | RedHat | git-0:2.43.7-1.el8_10 | *
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | git-0:2.18.4-5.el8_2.1 | *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | git-0:2.27.0-5.el8_4.1 | *
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | git-0:2.27.0-5.el8_4.1 | *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | git-0:2.31.8-3.el8_6.1 | *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | git-0:2.31.8-3.el8_6.1 | *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | git-0:2.31.8-3.el8_6.1 | *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | git-0:2.39.5-1.el8_8.2 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | git-0:2.39.5-1.el8_8.2 | *
Red Hat Enterprise Linux 9 | RedHat | git-0:2.47.3-1.el9_6 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | git-0:2.31.1-6.el9_0.1 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | git-0:2.39.5-1.el9_2.2 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | git-0:2.43.5-1.el9_4.2 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.5-4.1753280805 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-businesscentral-rhel8:7.13.5-4.1753280812 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-controller-rhel8:7.13.5-4.1752676933 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-dashbuilder-rhel8:7.13.5-3.1752676926 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-kieserver-rhel8:7.13.5-4.1752676932 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-operator-bundle:7.13.5-27 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-process-migration-rhel8:7.13.5-4.1752676925 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-rhel8-operator:7.13.5-2.1752676931 | *
RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-smartrouter-rhel8:7.13.5-4.1752676930 | *
Git | Ubuntu | devel | *
Git | Ubuntu | esm-infra/bionic | *
Git | Ubuntu | esm-infra/focal | *
Git | Ubuntu | esm-infra/xenial | *
Git | Ubuntu | jammy | *
Git | Ubuntu | noble | *
Git | Ubuntu | oracular | *
Git | Ubuntu | plucky | *
Git | Ubuntu | upstream | *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References