How to fix EUVD-2025-21002?

Within 24 hours: Issue security advisory to all Git GUI users advising against cloning untrusted repositories and editing files from unknown sources; inventory all Git GUI installations across the organization. Within 7 days: Implement mandatory code review processes for all cloned external repositories and restrict Git GUI usage to trusted internal repositories only where possible. Within 30 days: Monitor Git project releases closely and deploy patched versions (2.43.7 or later) immediately upon availability; conduct security awareness training for developers on supply chain risks.

Is Redhat affected by EUVD-2025-21002?

Git GUI users face a high-severity vulnerability (CVSS 8.5) that allows attackers to create and overwrite files on a user's system when cloning malicious repositories.

EUVD-2025-21002

| CVE-2025-46835 HIGH

2025-07-10 [email protected]

Information Disclosure Redhat Suse

8.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21002

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

CVE Published

Jul 10, 2025 - 15:15 nvd

HIGH 8.5

DescriptionNVD

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

AnalysisAI

A remote code execution vulnerability in Git GUI (CVSS 8.5) that allows you. High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 8.5 indicates high severity. Affects Git GUI.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

Ubuntu

Priority: Medium

git

Release	Status	Version
upstream	released	2.43.7
noble	released	1:2.43.0-1ubuntu7.3
oracular	released	1:2.45.2-1ubuntu1.2
plucky	released	1:2.48.1-0ubuntu1.1
bionic	released	1:2.17.1-1ubuntu0.18+esm4
focal	released	1:2.25.1-1ubuntu3.14+esm3
jammy	released	1:2.34.1-1ubuntu1.15
xenial	released	1:2.7.4-0ubuntu1.10+esm11

USN-7626-1

Debian

Bug #1108983

git

Release	Status	Fixed Version	Urgency
bullseye	fixed	1:2.30.2-1+deb11u5	-
bullseye (security)	fixed	1:2.30.2-1+deb11u5	-
bookworm	vulnerable	1:2.39.5-0+deb12u3	-
bookworm (security)	vulnerable	1:2.39.5-0+deb12u2	-
trixie	fixed	1:2.47.3-0+deb13u1	-
forky	fixed	1:2.51.0-1	-
sid	fixed	1:2.53.0-1	-
(unstable)	fixed	1:2.50.1-0.1	-

DLA-4323-1

EUVD-2025-21002 vulnerability details – vuln.today

Back

EUVD-2025-21002

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code