CVE-2025-27613: GitHub: CVE-2025-27613 Gitk Arguments Vulnerability

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2025-Jul

Released

2025-07-08

Last Updated

2025-08-22

EPSS Score

0.01% (percentile: 2.0%)

Description

CVE-2025-27613 is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enabled or not. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability. Please see CVE-2025-27613 for more information.

Affected Products (6)

Developer Tools

• Microsoft Visual Studio 2022 version 17.8
• Microsoft Visual Studio 2022 version 17.10
• Microsoft Visual Studio 2022 version 17.12
• Microsoft Visual Studio 2022 version 17.14
• Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
• Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Security Updates (6)

• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes

Revision History

• 2025-07-08: Information published.
• 2025-08-22: Corrected the CVE Numbering Authority (CNA). This is an informational change only.