CISA warns of active exploitation of Git flaw
Take action: Update your local Git to the latest patched version (v2.50.1 or newer). This vulnerability allows attackers to execute malicious code when you clone repositories. Until patched, avoid using git clone --recursive on any repositories from untrusted sources, and be extra cautious when cloning repos with submodules from external developers or public repositories.
CISA has issued an alert about active exploitation of a vulnerability in Git.
The vulnerability is tracked as CVE-2025-48384 (CVSS score 8.1). It enables arbitrary file writes and subsequent code execution when users clone malicious repositories containing submodules.
The flaw is caused by Git's inconsistent handling of carriage return characters (CR) in configuration files, when processing .gitmodules files during repository operations. When Git reads a configuration value, it strips any trailing carriage return and line feed (CRLF), but when writing a configuration entry, values with a trailing CR are not quoted, causing the CR to be lost when the configuration is subsequently read. This discrepancy creates an opportunity for attackers to manipulate submodule paths and redirect Git to write files to unintended locations.
The vulnerability can be exploited to write a malicious Git hook script, resulting in remote code execution whenever subcommands such as git commit and git merge are run. Example attack flow:
Step 1: Attacker creates a weaponized Git repository with malicious submodule configuration
- Attacker crafts a .gitmodules file containing a submodule path with a trailing carriage return (\r)
- The malicious submodule path exploits Git's inconsistent CR handling
- A symlink is strategically placed to redirect the altered path

malicious-repo/
├── .gitmodules # Contains malicious submodule path with \r
├── .git/hooks/
│ └── post-checkout # Malicious script to be executed
└── symlink-target/ # Strategic symlink placement

Step 2: When the victim clones with --recursive, Git's CR handling inconsistency causes path confusion
- Victim runs: git clone --recursive https://malicious-repo.example
- Git reads the submodule path, stripping the trailing CR during config reading
- But when Git writes the config, the CR causes incorrect path interpretation
- The submodule gets checked out to an unintended location due to symlink redirection

Intended path: submodules/legitimate-component
Manipulated path: submodules/legitimate-component\r
After symlink: .git/hooks/

Step 3: Malicious hook script executes during normal Git operations
- The post-checkout hook is now in the hooks directory due to path manipulation
- Any subsequent Git operation (commit, merge, pull) triggers the hook
- The attacker's code executes with the privileges of the Git user
- Lateral movement, data exfiltration, or malware deployment can begin
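A pre-clone audit of a repository's .gitmodules file, added here as an example; it is not part of the original alert and not Git's own tooling. Unlike Git's config reader, which strips a trailing CR when it reads a value, this parser keeps the raw value so that a carriage return hiding inside a submodule path can be flagged, together with paths that use ".." or an absolute path, or that point inside .git. The sample .gitmodules content is constructed for the example; the example.invalid URLs and the submodule names are placeholders.

```python
import re
import sys
from pathlib import PurePosixPath

# Constructed sample .gitmodules content (not from any real repository).
# The second entry carries a carriage return inside its quoted path value,
# the shape the advisory describes; the third path escapes the working tree.
SAMPLE_GITMODULES = (
    '[submodule "vendor/libfoo"]\n'
    '\tpath = vendor/libfoo\n'
    '\turl = https://example.invalid/libfoo.git\n'
    '[submodule "component"]\n'
    '\tpath = "submodules/legitimate-component\r"\n'
    '\turl = https://example.invalid/component.git\n'
    '[submodule "escape"]\n'
    '\tpath = ../outside\n'
    '\turl = https://example.invalid/escape.git\n'
)

SECTION_RE = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]*)"\]\s*$')
KEY_RE = re.compile(r'^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')


def parse_gitmodules(text):
    """Parse .gitmodules into {submodule name: {key: raw value}}.

    A plain CRLF line ending is harmless (Git strips it), so one trailing CR
    per line is dropped. Any other CR, e.g. one inside a quoted value, is kept
    in the raw value so the audit can see it.
    """
    modules = {}
    current = None
    for raw_line in text.split("\n"):
        line = raw_line[:-1] if raw_line.endswith("\r") else raw_line
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or comment
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            modules[current] = {}
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            # strip only spaces/tabs so a CR inside the value survives
            modules[current][m.group("key").lower()] = m.group("value").strip(" \t")
    return modules


def audit_submodules(modules):
    """Return (submodule name, reason) pairs for suspicious path values."""
    findings = []
    for name, keys in modules.items():
        path = keys.get("path", name)  # Git defaults path to the submodule name
        if "\r" in path:
            findings.append((name, "carriage return inside submodule path value"))
        unquoted = path.strip('"')
        parts = PurePosixPath(unquoted).parts
        if ".." in parts or PurePosixPath(unquoted).is_absolute():
            findings.append((name, "submodule path escapes the repository"))
        if ".git" in parts:
            findings.append((name, "submodule path points inside .git"))
    return findings


def audit_gitmodules_text(text):
    """Convenience wrapper: parse and audit in one call."""
    return audit_submodules(parse_gitmodules(text))


if __name__ == "__main__":
    # Usage: python audit_gitmodules.py [path/to/.gitmodules]
    # With no argument the constructed sample above is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", newline="") as fh:
            content = fh.read()
    else:
        content = SAMPLE_GITMODULES
    for name, reason in audit_gitmodules_text(content):
        print(f"SUSPICIOUS submodule {name!r}: {reason}")
```

Fetching only the .gitmodules blob (for example from a hosting provider's web UI or a non-recursive clone) and running this audit before any git clone --recursive gives a cheap gate for untrusted repositories; the file is opened with newline="" so Python does not translate line endings before the check.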
The attack vector primarily affects UNIX-like systems, including Linux and macOS, when users execute git clone --recursive on a weaponized repository. The GitHub Desktop client for macOS is also vulnerable due to its use of git clone --recursive by default.
Working proof-of-concept exploits for this vulnerability are publicly available and have been validated by security researchers, significantly increasing the risk of widespread exploitation.
Patched versions available:
- v2.43.7, v2.44.4, v2.45.4, v2.46.4
- v2.47.3, v2.48.2, v2.49.1, v2.50.1 and later
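A version check against the patched releases listed above, added here as an example and not part of the original alert. It parses the output of git --version and compares the installed patch level with the minimum patched release of the same series. Two assumptions are mine, not the page's: a series older than 2.43 has no listed fix and is treated as vulnerable, and any series newer than 2.50 is treated as carrying the fix.

```python
import re
import subprocess

# Minimum patched patch level per release series, from the advisory's list.
PATCHED = {
    (2, 43): 7, (2, 44): 4, (2, 45): 4, (2, 46): 4,
    (2, 47): 3, (2, 48): 2, (2, 49): 1, (2, 50): 1,
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_git_version(output):
    """Extract (major, minor, patch) from `git --version` output such as
    'git version 2.47.1' or 'git version 2.39.5 (Apple Git-154)'."""
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError(f"unrecognised git version string: {output!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if this (major, minor, patch) carries the CVE-2025-48384 fix."""
    major, minor, patch = version
    series = (major, minor)
    if series in PATCHED:
        return patch >= PATCHED[series]
    # Assumption: series newer than the last listed one (2.50) include the
    # fix; series older than 2.43 have no listed patched release.
    return series > max(PATCHED)


def installed_git_version():
    """Run the local git binary and return its version tuple."""
    out = subprocess.run(
        ["git", "--version"], capture_output=True, text=True, check=True
    ).stdout
    return parse_git_version(out)


if __name__ == "__main__":
    v = installed_git_version()
    status = "patched" if is_patched(v) else "VULNERABLE - upgrade required"
    print(f"git {'.'.join(map(str, v))}: {status}")
```

Run this on developer workstations and CI images; the GitHub Desktop client for macOS bundles its own git, so check the binary that client actually uses, not only the one on PATH.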
The flaw is particularly dangerous in development environments where users frequently clone repositories from potentially untrusted sources.
Organizations should upgrade to the latest patched Git version and avoid recursively cloning submodules from untrusted repositories until patches are applied.