CVE-2025-48384 (GCVE-0-2025-48384)

Vulnerability from cvelistv5 – Published: 2025-07-08 18:23 – Updated: 2026-02-26 17:51
VLAI CISA KEV
Title
Git allows arbitrary code execution through broken config quoting
Summary
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Severity
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE
  • CWE-436 - Interpretation Conflict
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
git git Affected: < 2.43.7
Affected: >= 2.44.0-rc0, < 2.44.4
Affected: >= 2.45.0-rc0, < 2.45.4
Affected: >= 2.46.0-rc0, < 2.46.4
Affected: >= 2.47.0-rc0, < 2.47.3
Affected: >= 2.48.0-rc0, < 2.48.2
Affected: >= 2.49.0-rc0, < 2.49.1
Affected: >= 2.50.0-rc0, < 2.50.1
Create a notification for this product.
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 159ffd44-a9b0-4420-8fc9-8f8a5a240b75

Vulnerability ID: CVE-2025-48384

Status: Confirmed

Status Updated: 2025-08-25 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2025-08-25
Asserted: 2025-08-25
Scope
Notes: KEV entry: Git Link Following Vulnerability | Affected: Git / Git | Description: Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48384
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-59 CWE-436
Feed CISA Known Exploited Vulnerabilities Catalog
Product Git
Due Date 2025-09-15
Date Added 2025-08-25
Vendorproject Git
Vulnerabilityname Git Link Following Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 13:24 UTC | Updated: 2026-02-06 07:53 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48384",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T03:55:23.181071Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-08-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:51:05.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-08-25T00:00:00.000Z",
            "value": "CVE-2025-48384 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:11:00.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/60"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/08/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git",
          "vendor": "git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.43.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.44.0-rc0, \u003c 2.44.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.45.0-rc0, \u003c 2.45.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.46.0-rc0, \u003c 2.46.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.47.0-rc0, \u003c 2.47.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.48.0-rc0, \u003c 2.48.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.49.0-rc0, \u003c 2.49.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.50.0-rc0, \u003c 2.50.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-436",
              "description": "CWE-436: Interpretation Conflict",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T18:23:48.710Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
        }
      ],
      "source": {
        "advisory": "GHSA-vwqx-4fm8-6qc9",
        "discovery": "UNKNOWN"
      },
      "title": "Git allows arbitrary code execution through broken config quoting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48384",
    "datePublished": "2025-07-08T18:23:48.710Z",
    "dateReserved": "2025-05-19T15:46:00.397Z",
    "dateUpdated": "2026-02-26T17:51:05.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-48384",
      "cwes": "[\"CWE-59\", \"CWE-436\"]",
      "dateAdded": "2025-08-25",
      "dueDate": "2025-09-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
      "product": "Git",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Git contains a link following vulnerability that stems from Git\u2019s inconsistent handling of carriage return characters in configuration files.",
      "vendorProject": "Git",
      "vulnerabilityName": "Git Link Following Vulnerability"
    },
    "epss": {
      "cve": "CVE-2025-48384",
      "date": "2026-05-27",
      "epss": "0.00603",
      "percentile": "0.69779"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48384\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-08T19:15:42.800\",\"lastModified\":\"2025-11-06T14:52:47.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.\"},{\"lang\":\"es\",\"value\":\"Git es un sistema de control de versiones distribuido, r\u00e1pido y escalable, con un conjunto de comandos excepcionalmente completo que proporciona operaciones de alto nivel y acceso completo a su funcionamiento interno. Al leer un valor de configuraci\u00f3n, Git elimina cualquier retorno de carro y avance de l\u00ednea (CRLF) final. Al escribir una entrada de configuraci\u00f3n, los valores con un CR final no se entrecomillan, lo que provoca que el CR se pierda al leer la configuraci\u00f3n posteriormente. Al inicializar un subm\u00f3dulo, si la ruta del subm\u00f3dulo contiene un CR final, se lee la ruta modificada, lo que provoca que el subm\u00f3dulo se extraiga a una ubicaci\u00f3n incorrecta. Si existe un enlace simb\u00f3lico que apunta la ruta modificada al directorio de ganchos del subm\u00f3dulo, y este contiene un gancho ejecutable posterior a la extracci\u00f3n, el script podr\u00eda ejecutarse accidentalmente despu\u00e9s de la extracci\u00f3n. Esta vulnerabilidad se ha corregido en v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 y v2.50.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":6.0}]},\"cisaExploitAdd\":\"2025-08-25\",\"cisaActionDue\":\"2025-09-15\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Git Link Following Vulnerability\",\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"},{\"lang\":\"en\",\"value\":\"CWE-436\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.43.7\",\"matchCriteriaId\":\"BB276680-D286-4DF6-BCB7-CAC1D9D77E08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.44.0\",\"versionEndExcluding\":\"2.44.4\",\"matchCriteriaId\":\"856A8970-74E2-4F8F-A1A6-2AB1C0C87E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.45.0\",\"versionEndExcluding\":\"2.45.4\",\"matchCriteriaId\":\"6D1DB9BA-3D91-4F7D-931E-A664737129F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.46.0\",\"versionEndExcluding\":\"2.46.4\",\"matchCriteriaId\":\"01BDA55C-F398-4286-ABC6-979A783BDC65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.47.0\",\"versionEndExcluding\":\"2.47.3\",\"matchCriteriaId\":\"FF4A2ACC-0996-4869-884D-734D6006C032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.48.0\",\"versionEndExcluding\":\"2.48.2\",\"matchCriteriaId\":\"0DD21A83-8D62-4EE4-914B-B5ACA19A84A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.49.0\",\"versionEndExcluding\":\"2.49.1\",\"matchCriteriaId\":\"95C1825C-B7A2-46E9-93D7-2D196DB2515E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.50.0\",\"versionEndExcluding\":\"2.50.1\",\"matchCriteriaId\":\"18F948AD-22C0-4B2E-B497-899F3A94B70A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.0\",\"matchCriteriaId\":\"37CC7F40-CC3A-4AEB-9260-B621FE64735A\"}]}]}],\"references\":[{\"url\":\"https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2025/Sep/60\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/08/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Sep/60\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/08/4\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:11:00.255Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48384\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-26T03:55:23.181071Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-08-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-25T00:00:00.000Z\", \"value\": \"CVE-2025-48384 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-08T18:35:20.601Z\"}}], \"cna\": {\"title\": \"Git allows arbitrary code execution through broken config quoting\", \"source\": {\"advisory\": \"GHSA-vwqx-4fm8-6qc9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"git\", \"product\": \"git\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.43.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.44.0-rc0, \u003c 2.44.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.45.0-rc0, \u003c 2.45.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.46.0-rc0, \u003c 2.46.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.47.0-rc0, \u003c 2.47.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.48.0-rc0, \u003c 2.48.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.49.0-rc0, \u003c 2.49.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.50.0-rc0, \u003c 2.50.1\"}]}], \"references\": [{\"url\": \"https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9\", \"name\": \"https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-436\", \"description\": \"CWE-436: Interpretation Conflict\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-08T18:23:48.710Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48384\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:51:05.174Z\", \"dateReserved\": \"2025-05-19T15:46:00.397Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-08T18:23:48.710Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.