Bug 2379125 (CVE-2025-27614)
| Summary: | CVE-2025-27614 gitk: git script execution flaw | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adudiak, crizzo, dfreiber, drow, jburrell, jmitchel, jtanner, kshier, omaciel, sdawley, stcannon, vkumar, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-07-09 22:56:06 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:11462 https://access.redhat.com/errata/RHSA-2025:11462 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:11533 https://access.redhat.com/errata/RHSA-2025:11533 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:11534 https://access.redhat.com/errata/RHSA-2025:11534 This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2025:13276 https://access.redhat.com/errata/RHSA-2025:13276 |