CVE-2025-46835 HIGH

CVE-2025-46835: Git GUI can create and overwrite files for which the user has write permission

Vendor: J6T
Product: git-gui
Weakness: CWE-88
Published: July 10, 2025
Last update: November 4, 2025

CVSS base score

8.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01 Description

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Key dates

02 Disclosure timeline

July 10, 2025: CVE published
November 4, 2025: Record updated