CVE-2025-48384: GitHub: CVE-2025-48384 Git Symlink Vulnerability

Overview

Severity
N/A
Exploit Status
Not Exploited
Patch Tuesday
2025-Jul
Released
2025-07-08
Last Updated
2025-08-22
EPSS Score
0.47% (percentile: 64.7%)

Description

CVE-2025-48384 is a vulnerability in Git's handling of configuration values. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, a value with a trailing CR is not quoted, so the CR is lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered (stripped) path is read and the submodule is checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, that script may be unintentionally executed after checkout. GitHub created this CVE on the Git project's behalf. The documented Visual Studio updates incorporate updates to Git which address this vulnerability. Please see CVE-2025-48384 for more information.
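As an added example (not code from this page, from Git, or from Microsoft), the following Python scanner models the two behaviours the description states: a trailing CR/LF is stripped when a config value is read, and an unquoted write drops a trailing CR, so a `path` value whose on-disk bytes end in CR reads back as a different path. It runs against a constructed `.gitmodules` sample (names and URLs are made up) and also includes a pure-path check, with no filesystem access, for whether a symlink target would resolve inside the repository's `.git` directory, which is the layout the description says turns the mismatch into hook execution.

```python
"""Flag submodule paths in .gitmodules whose raw value ends in a carriage return.

Added example for CVE-2025-48384; not Git's own code. It mimics the read
behaviour the advisory describes (trailing CR/LF stripped) so the on-disk
path and the path a reader gets back can be compared.
"""
import posixpath
import re

# Constructed sample .gitmodules (bytes, because the CR is the whole point).
# The "tools" entry carries a CR before its newline; the others do not.
SAMPLE_GITMODULES = (
    b'[submodule "lib"]\n'
    b'\tpath = lib\n'
    b'\turl = https://example.invalid/lib.git\n'
    b'[submodule "tools"]\n'
    b'\tpath = tools\r\n'
    b'\turl = https://example.invalid/tools.git\n'
    b'[submodule "docs"]\n'
    b'\tpath = "docs"\n'
    b'\turl = https://example.invalid/docs.git\n'
)

SECTION_RE = re.compile(rb'^\s*\[submodule "([^"]*)"\]')
# `.` matches CR but not LF, so a trailing CR stays inside the captured value.
PATH_RE = re.compile(rb'^[ \t]*path[ \t]*=[ \t]*(.*)$')


def strip_like_git(value: bytes) -> bytes:
    """Mimic the read behaviour the advisory describes: drop trailing CR/LF."""
    return value.rstrip(b'\r\n')


def parse_submodule_paths(data: bytes):
    """Yield (submodule_name, raw_path, path_as_read) for every `path` key.

    Splitting on LF only keeps a preceding CR inside the line, so raw_path
    is exactly what is on disk while path_as_read is what a reader gets.
    """
    section = None
    for line in data.split(b'\n'):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).decode('utf-8', 'replace')
            continue
        m = PATH_RE.match(line)
        if m and section is not None:
            raw = m.group(1)
            yield section, raw, strip_like_git(raw)


def find_trailing_cr_paths(data: bytes):
    """Return one finding per submodule whose on-disk path differs from the
    path a reader obtains after stripping, i.e. whose value ends in CR."""
    findings = []
    for name, raw, as_read in parse_submodule_paths(data):
        if raw != as_read:
            findings.append({'submodule': name, 'raw': raw, 'as_read': as_read})
    return findings


def target_inside_git_dir(link_dir: str, link_target: str) -> bool:
    """True if a symlink located at link_dir (relative to the repository
    root) pointing at link_target resolves inside the .git directory, which
    is where a submodule's hooks directory lives. Pure path arithmetic."""
    resolved = posixpath.normpath(posixpath.join(link_dir, link_target))
    return resolved == '.git' or resolved.startswith('.git/')


if __name__ == '__main__':
    for f in find_trailing_cr_paths(SAMPLE_GITMODULES):
        print(f"submodule {f['submodule']!r}: on disk {f['raw']!r}, "
              f"read back as {f['as_read']!r}")
    # A link at the repository root pointing into .git is what the
    # advisory's scenario requires; a plain directory name is not.
    print(target_inside_git_dir('.', '.git/modules/tools/hooks'))
    print(target_inside_git_dir('.', 'lib'))
```

Running the script on a real checkout means feeding it the raw bytes of `.gitmodules` (open the file in binary mode; a text-mode read would normalise the CR away and hide exactly what you are looking for). The symlink check is deliberately I/O-free so it can be applied to a listing of symlinks produced elsewhere, for example from `git ls-files -s` output, where mode 120000 marks a symlink.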

Detection & Weaponization (1 source)

Maturity: Exploit

  • GitHub PoC: 42 repositories

Affected Products (6)

Developer Tools

  • Microsoft Visual Studio 2022 version 17.8
  • Microsoft Visual Studio 2022 version 17.10
  • Microsoft Visual Studio 2022 version 17.12
  • Microsoft Visual Studio 2022 version 17.14
  • Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
  • Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Security Updates (6)

Revision History

  • 2025-07-08: Information published.
  • 2025-08-22: Corrected the CVE Numbering Authority (CNA). This is an informational change only.