
Unveiled: Potential Exploit for Critical Arbitrary File Writing in Git Command Line Interface (CVE-2025-48384)

The Git project has released updates to fix CVE-2025-48384, a critical flaw that enables malicious Git repositories to surreptitiously execute code during cloning.

A high-severity vulnerability, CVE-2025-48384, has been identified in Git, a widely used version control system. It poses a notable supply chain risk, particularly for developers who work with third-party code: threat actors can create malicious Git repositories that run code unexpectedly when they are cloned.

On July 8, 2025, the Git project released new versions to address this vulnerability. It is strongly advised that users follow organizational patching and testing guidelines to minimize potential operational impact.

The technical details about the vulnerability can be found at this link. The Git Security Vulnerability Announcement can be found at this other link.

The vulnerability affects macOS and Linux installations of Git; Windows installations are not affected. To address it, Arctic Wolf recommends upgrading to the latest fixed versions of the Git CLI for these platforms. On a Mac, upgrading Git also requires updating your PATH so that the new version is used, because the system version at /usr/bin/git cannot be replaced directly.
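One way to verify the PATH point above, as an added example that is not from the original article or the Git project: the script lists every git binary on PATH in resolution order and reports whether the one that runs first meets a minimum version. The function names are hypothetical, and the minimum version is an argument you take from the Git advisory for your release line; none is hard-coded here.

```shell
#!/bin/sh
# Added example: find which git PATH resolves first and whether it is new enough.
# Usage: sh check_git.sh <FIXED_VERSION>   (value comes from the Git advisory)

version_ge() {  # version_ge A B: succeed when dotted numeric version A >= B
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    [ "$a" = "$x" ] && a= || a=${a#*.}
    [ "$b" = "$y" ] && b= || b=${b#*.}
    x=${x:-0}; y=${y:-0}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

list_gits() {  # print "path<TAB>version" for each git on PATH, in lookup order
  old_ifs=$IFS; IFS=:
  for dir in $PATH; do
    IFS=$old_ifs
    if [ -x "${dir:-.}/git" ]; then
      # "git version 2.x.y (Apple Git-N)" -> "2.x.y"; drop any non-numeric suffix
      v=$("${dir:-.}/git" --version 2>/dev/null | awk '{print $3}' | sed 's/[^0-9.].*//')
      printf '%s\t%s\n' "${dir:-.}/git" "$v"
    fi
  done
  IFS=$old_ifs
}

check_git() {  # returns 0: active git >= MIN, 1: active git older, 2: no git found
  min=$1; n=0; rc=2; tab=$(printf '\t')
  gits=$(list_gits)
  while IFS=$tab read -r path ver; do
    [ -n "$path" ] || continue
    n=$((n + 1))
    if version_ge "$ver" "$min"; then state=ok; else state=OUTDATED; fi
    if [ "$n" -eq 1 ]; then
      echo "active:   $path $ver $state"
      [ "$state" = ok ] && rc=0 || rc=1
    else
      echo "shadowed: $path $ver $state"   # installed, but not the one that runs
    fi
  done <<EOF
$gits
EOF
  return "$rc"
}

if [ $# -gt 0 ]; then check_git "$1"; fi
```

An "active ... OUTDATED" line followed by a "shadowed ... ok" line means the upgraded Git is installed but an older binary earlier on PATH is still the one that runs.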

It's also important to note that the git clone --recursive pattern is extensively used in public GitHub repositories, providing a credible pretext for exploitation. As a security best practice, avoid using the --recursive switch in the clone command to prevent the vulnerability from being exploited.

Moreover, Arctic Wolf, a cybersecurity solutions provider, utilizes threat intelligence to harden attack surfaces and stop threats earlier and faster. Their 2025 Threat Report provides valuable insights into the threat landscape and offers strategies for better defending your organization.

Recently, proof-of-concept exploit code for CVE-2025-48384 has become publicly available. Datadog, a monitoring service platform, has confirmed the availability of such code at this link. The attack complexity of the vulnerability is high, but it is trivially exploitable in practice.

To prevent unexpected supply chain risks, it's crucial to avoid cloning untrusted repositories in sensitive environments. By staying vigilant and keeping up-to-date with the latest security updates, developers can help protect their work and the wider community.

For more information and resources, you can refer to the Git Security Advisory available at this link.