Skip to main content

Red Hat CVE-2025-46835

| EUVDEUVD-2025-21002 HIGH
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2025-07-10 security-advisories@github.com
High
Disputed · 8.5 NVD
Share

Severity by source

Sources disagree (Low–High)
GitHub Advisory PRIMARY
8.5 HIGH
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
3.1 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-21002
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
CVE Published
Jul 10, 2025 - 15:15 nvd
HIGH 8.5

DescriptionGitHub Advisory

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

AnalysisAI

A remote code execution vulnerability in Git GUI (CVSS 8.5) that allows you. High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 8.5 indicates high severity. Affects Git GUI.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

Ubuntu

Priority: Medium
git
Release Status Version
upstream released 2.43.7
noble released 1:2.43.0-1ubuntu7.3
oracular released 1:2.45.2-1ubuntu1.2
plucky released 1:2.48.1-0ubuntu1.1
bionic released 1:2.17.1-1ubuntu0.18+esm4
focal released 1:2.25.1-1ubuntu3.14+esm3
jammy released 1:2.34.1-1ubuntu1.15
xenial released 1:2.7.4-0ubuntu1.10+esm11

Debian

Bug #1108983
git
Release Status Fixed Version Urgency
bullseye fixed 1:2.30.2-1+deb11u5 -
bullseye (security) fixed 1:2.30.2-1+deb11u5 -
bookworm vulnerable 1:2.39.5-0+deb12u3 -
bookworm (security) vulnerable 1:2.39.5-0+deb12u2 -
trixie fixed 1:2.47.3-0+deb13u1 -
forky fixed 1:2.51.0-1 -
sid fixed 1:2.53.0-1 -
(unstable) fixed 1:2.50.1-0.1 -

SUSE

Severity: High
Product Status
SUSE Enterprise Storage 7.1 Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2025-46835 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy