2378806 – (CVE-2025-48384) CVE-2025-48384 git: Git arbitrary code execution

Bug 2378806 (CVE-2025-48384) - CVE-2025-48384 git: Git arbitrary code execution

Summary: CVE-2025-48384 git: Git arbitrary code execution

Keywords:
Status:	NEW
Alias:	CVE-2025-48384
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2378816 2378818 2378817 2378819
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-08 19:01 UTC by OSIDB Bzimport
Modified:	2025-09-18 05:45 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:11462	None	None	None	2025-07-21 14:45:32 UTC
Red Hat Product Errata	RHSA-2025:11533	None	None	None	2025-07-22 12:00:33 UTC
Red Hat Product Errata	RHSA-2025:11534	None	None	None	2025-07-22 13:19:03 UTC
Red Hat Product Errata	RHSA-2025:11686	None	None	None	2025-07-24 07:46:12 UTC
Red Hat Product Errata	RHSA-2025:11688	None	None	None	2025-07-24 08:03:42 UTC
Red Hat Product Errata	RHSA-2025:11793	None	None	None	2025-07-24 23:08:23 UTC
Red Hat Product Errata	RHSA-2025:11794	None	None	None	2025-07-28 01:25:37 UTC
Red Hat Product Errata	RHSA-2025:11795	None	None	None	2025-07-28 01:14:39 UTC
Red Hat Product Errata	RHSA-2025:11796	None	None	None	2025-07-28 01:17:10 UTC
Red Hat Product Errata	RHSA-2025:11800	None	None	None	2025-07-28 01:21:35 UTC
Red Hat Product Errata	RHSA-2025:11801	None	None	None	2025-07-28 01:41:12 UTC
Red Hat Product Errata	RHSA-2025:13276	None	None	None	2025-08-07 06:31:23 UTC
Red Hat Product Errata	RHSA-2025:13325	None	None	None	2025-08-13 05:49:51 UTC
Red Hat Product Errata	RHSA-2025:13933	None	None	None	2025-08-20 07:11:17 UTC
Red Hat Product Errata	RHSA-2025:14059	None	None	None	2025-08-27 21:45:20 UTC
Red Hat Product Errata	RHSA-2025:14396	None	None	None	2025-08-27 21:45:57 UTC
Red Hat Product Errata	RHSA-2025:14853	None	None	None	2025-09-04 17:04:24 UTC
Red Hat Product Errata	RHSA-2025:14858	None	None	None	2025-09-04 17:04:35 UTC
Red Hat Product Errata	RHSA-2025:15308	None	None	None	2025-09-11 12:01:11 UTC
Red Hat Product Errata	RHSA-2025:15672	None	None	None	2025-09-18 05:45:09 UTC
Red Hat Product Errata	RHSA-2025:15827	None	None	None	2025-09-15 15:13:29 UTC
Red Hat Product Errata	RHSA-2025:15828	None	None	None	2025-09-15 15:14:16 UTC

Description OSIDB Bzimport 2025-07-08 19:01:12 UTC

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Comment 2 errata-xmlrpc 2025-07-21 14:45:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:11462 https://access.redhat.com/errata/RHSA-2025:11462

Comment 3 errata-xmlrpc 2025-07-22 12:00:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:11533 https://access.redhat.com/errata/RHSA-2025:11533

Comment 4 errata-xmlrpc 2025-07-22 13:19:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:11534 https://access.redhat.com/errata/RHSA-2025:11534

Comment 5 errata-xmlrpc 2025-07-24 07:46:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:11686 https://access.redhat.com/errata/RHSA-2025:11686

Comment 6 errata-xmlrpc 2025-07-24 08:03:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:11688 https://access.redhat.com/errata/RHSA-2025:11688

Comment 7 errata-xmlrpc 2025-07-24 23:08:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:11793 https://access.redhat.com/errata/RHSA-2025:11793

Comment 8 errata-xmlrpc 2025-07-28 01:14:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:11795 https://access.redhat.com/errata/RHSA-2025:11795

Comment 9 errata-xmlrpc 2025-07-28 01:17:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:11796 https://access.redhat.com/errata/RHSA-2025:11796

Comment 10 errata-xmlrpc 2025-07-28 01:21:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:11800 https://access.redhat.com/errata/RHSA-2025:11800

Comment 11 errata-xmlrpc 2025-07-28 01:25:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:11794 https://access.redhat.com/errata/RHSA-2025:11794

Comment 12 errata-xmlrpc 2025-07-28 01:41:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:11801 https://access.redhat.com/errata/RHSA-2025:11801

Comment 13 errata-xmlrpc 2025-08-07 06:31:20 UTC

This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2025:13276 https://access.redhat.com/errata/RHSA-2025:13276

Comment 14 errata-xmlrpc 2025-08-13 05:49:48 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:13325 https://access.redhat.com/errata/RHSA-2025:13325

Comment 17 errata-xmlrpc 2025-08-20 07:11:15 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2025:13933 https://access.redhat.com/errata/RHSA-2025:13933

Comment 22 errata-xmlrpc 2025-08-27 21:45:17 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:14059 https://access.redhat.com/errata/RHSA-2025:14059

Comment 23 errata-xmlrpc 2025-08-27 21:45:54 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:14396 https://access.redhat.com/errata/RHSA-2025:14396

Comment 24 errata-xmlrpc 2025-09-04 17:04:21 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:14853 https://access.redhat.com/errata/RHSA-2025:14853

Comment 25 errata-xmlrpc 2025-09-04 17:04:32 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:14858 https://access.redhat.com/errata/RHSA-2025:14858

Comment 26 errata-xmlrpc 2025-09-11 12:01:08 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:15308 https://access.redhat.com/errata/RHSA-2025:15308

Comment 27 errata-xmlrpc 2025-09-15 15:13:27 UTC

This issue has been addressed in the following products:

  Red Hat Web Terminal 1.12 on RHEL 9

Via RHSA-2025:15827 https://access.redhat.com/errata/RHSA-2025:15827

Comment 28 errata-xmlrpc 2025-09-15 15:14:14 UTC

This issue has been addressed in the following products:

  Red Hat Web Terminal 1.11 on RHEL 9

Via RHSA-2025:15828 https://access.redhat.com/errata/RHSA-2025:15828

Comment 29 errata-xmlrpc 2025-09-18 05:45:07 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:15672 https://access.redhat.com/errata/RHSA-2025:15672

Note You need to log in before you can comment on or make changes to this bug.