CVE-2025-46835
Directory Traversal in Git GUI Allows Arbitrary File Overwrite
Description
Description
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| git | git | From 2.43.7 (inc) to 2.50.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me? :
What immediate steps should I take to mitigate this vulnerability?
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2025-07-10
CVE Last Modified Date:
2025-07-10
Report Generation Date:
2025-07-14
AI Powered Q&A Generation:
2025-07-10
EPSS Last Evaluated Date:
N/A
NVD Report Link: