CVE-2025-27614: GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability

Overview

Severity: N/A
Exploit Status: Not Exploited
Patch Tuesday: 2025-Jul
Released: 2025-07-08
Last Updated: 2025-08-22
EPSS Score: 0.01% (percentile: 0.8%)

Description

CVE-2025-27614 concerns a vulnerability in Gitk: a Git repository can be crafted so that a user who has cloned it can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Gitk which address this vulnerability. Please see CVE-2025-27614 for more information.

Affected Products (6)

Developer Tools

  • Microsoft Visual Studio 2022 version 17.8
  • Microsoft Visual Studio 2022 version 17.10
  • Microsoft Visual Studio 2022 version 17.12
  • Microsoft Visual Studio 2022 version 17.14
  • Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
  • Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Security Updates (6)

Revision History

  • 2025-07-08: Information published.
  • 2025-08-22: Corrected the CVE Numbering Authority (CNA). This is an informational change only.