
CVE-2025-48384: Git security vulnerability

CVSS 8.1 · High · KEV · EPSS 0.62% · P70

I. Basic Information for CVE-2025-48384

Vulnerability Information


Vulnerability Title
Git allows arbitrary code execution through broken config quoting
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Interpretation Conflict
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Git security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
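Git is a free, open-source distributed version control system from the Git open-source project. Git contains a security vulnerability that stems from improper handling of trailing carriage returns when processing config values. This may cause a submodule to be checked out incorrectly into a hooks directory pointed to by a symlink, unintentionally executing an executable script in it.
Source: China National Vulnerability Database of Information Security (CNNVD)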
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)


Affected Products

Vendor | Product | Affected versions | CPE
git | git | < 2.43.7 | -

II. Public PoCs for CVE-2025-48384

# | PoC description | Source link
1 | Breaking git with a carriage return and cloning RCE | https://github.com/acheong08/CVE-2025-48384
2 | for CVE-2025-48384 test | https://github.com/fishyyh/CVE-2025-48384
3 | None | https://github.com/kallydev/cve-2025-48384-hook
4 | None | https://github.com/fishyyh/CVE-2025-48384-POC
5 | None | https://github.com/liamg/CVE-2025-48384-submodule
6 | PoC for CVE-2025-48384 | https://github.com/liamg/CVE-2025-48384
7 | None | https://github.com/ppd520/CVE-2025-48384
8 | Vulnerability test | https://github.com/NigelX/CVE-2025-48384
9 | None | https://github.com/greatyy/CVE-2025-48384-p
10 | CVE-2025-48384 | https://github.com/testdjshan/CVE-2025-48384
11 | None | https://github.com/altm4n/cve-2025-48384
12 | None | https://github.com/altm4n/cve-2025-48384-hub
13 | None | https://github.com/p1026/CVE-2025-48384
14 | PoC dockerfile image for CVE-2025-48384 | https://github.com/vinieger/vinieger-CVE-2025-48384-Dockerfile
15 | None | https://github.com/ECHO6789/CVE-2025-48384-submodule
16 | None | https://github.com/nguyentranbaotran/cve-2025-48384-poc
17 | None | https://github.com/admin-ping/CVE-2025-48384-RCE
18 | None | https://github.com/simplyfurious/CVE-2025-48384-submodule_test
19 | None | https://github.com/Anezatraa/CVE-2025-48384-submodule
20 | CVE-2025-48384 PoC | https://github.com/IK-20211125/CVE-2025-48384
21 | None | https://github.com/elprogramadorgt/CVE-2025-48384
22 | None | https://github.com/rtefx/CVE-2025-48384
23 | test for CVE-2025-48384 | https://github.com/f1shh/CVE-2025-48384
24 | PoC for CVE-2025-48384 | https://github.com/fluoworite/CVE-2025-48384
25 | None | https://github.com/fluoworite/CVE-2025-48384-sub
26 | None | https://github.com/beishanxueyuan/CVE-2025-48384
27 | None | https://github.com/beishanxueyuan/CVE-2025-48384-test
28 | None | https://github.com/jideasn/cve-2025-48384
29 | None | https://github.com/testtianmaaaa/CVE-2025-48384
30 | None | https://github.com/replicatorbot/CVE-2025-48384
31 | None | https://github.com/replicatorbot/CVE-2025-48384-POC
32 | PoC | https://github.com/eliox01/CVE-2025-48384
33 | test | https://github.com/wzx5002/CVE-2025-48384
34 | sub for CVE-2025-48384 | https://github.com/wzx5002/totallynotsuspicious
35 | Breaking git with a carriage return and cloning RCE | https://github.com/butyraldehyde/CVE-2025-48384-PoC
36 | RCE hook | https://github.com/butyraldehyde/CVE-2025-48384-PoC-Part2
37 | PoC for CVE-2025-48384 | https://github.com/jacobholtz/CVE-2025-48384-poc
38 | None | https://github.com/jacobholtz/CVE-2025-48384-submodule
39 | None | https://github.com/arun1033/CVE-2025-48384
40 | CVE-2025-48384 Scanner | https://github.com/EdwardYeIntrix/CVE-2025-48384-Scanner
41 | GIT vulnerability | Carriage Return and RCE on cloning | https://github.com/s41r4j/CVE-2025-48384
42 | CVE-2025-48384-submodule | https://github.com/s41r4j/CVE-2025-48384-submodule
43 | might delete later | https://github.com/airkewld/cve-2025-48384
44 | will delete later | https://github.com/airkewld/cve-2025-48384-submodule
45 | None | https://github.com/mukesh-610/cve-2025-48384-exploit
46 | None | https://github.com/mukesh-610/cve-2025-48384
47 | None | https://github.com/MarcoTondolo/cve-2025-48384-poc
48 | None | https://github.com/zr0n/CVE-2025-48384-sub
49 | A proof of concept of remote code execution | https://github.com/zr0n/CVE-2025-48384-main
50 | GIT vulnerability | Carriage Return and RCE on cloning | https://github.com/vignesh21-git/CVE-2025-48384
51 | Test | https://github.com/vignesh21-git/CVE-2025-48384-submodule
52 | Superproject repo for Backup Exec CVE-2025-48384 exploit | https://github.com/DayDayDayDreaming/backup-exec-cve-48384