CVE-2025-41390
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-11-03

Assigner: Talos

Description
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-20
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41390
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trufflesecurity trufflehog 3.90.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-41390 is an arbitrary code execution vulnerability in TruffleHog 3.90.2, a tool used to scan Git repositories for secrets. The vulnerability occurs because TruffleHog interacts with Git repositories that may contain malicious client-side Git hooks or configurations, specifically the core.fsmonitor setting in the .git/config file. An attacker can craft a malicious Git repository with a specially crafted core.fsmonitor value that causes Git to execute arbitrary commands automatically during operations like 'git status' when TruffleHog scans the repository. This leads to arbitrary code execution on the victim's machine without their knowledge, triggered by running TruffleHog on the malicious repository. [1, 2]

Impact Analysis

This vulnerability can lead to arbitrary code execution on your machine when you scan a maliciously crafted Git repository using TruffleHog. An attacker can execute any command with the privileges of the user running TruffleHog, potentially compromising confidentiality, integrity, and availability of your system. This could result in unauthorized data access, system manipulation, or disruption of services. The attack requires user interaction (running TruffleHog on the malicious repo) but does not require prior privileges. [1, 2]

Detection Guidance

This vulnerability can be detected by inspecting Git repositories for malicious or unusual configurations in the .git/config file, specifically the core.fsmonitor setting or other risky Git config options like core.page, diff.external, and diff.<name>.textconv. A practical detection method is to check the core.fsmonitor value in the repository's .git/config file. For example, you can run: `git -C /path/to/repo config core.fsmonitor` to see if it is set to a suspicious command. Additionally, running `git status` on a repository copied file-for-file (not cloned) may trigger the malicious command if the vulnerability is present. Monitoring for unexpected file creations or command executions triggered by Git operations (like `git status`) can also help detect exploitation attempts. [1, 2]

Mitigation Strategies

Immediate mitigation steps include updating TruffleHog to the patched version released on October 17, 2025, which implements scanning of a sanitized git clone rather than the original repository. Additionally, disable client-side Git hooks and dangerous Git configuration options by default, for example by running Git commands with `git -c core.fsmonitor="" status` to override and disable the core.fsmonitor setting. Avoid scanning repositories that were copied file-for-file instead of cloned via Git. For users who must scan local repositories with custom configurations, use the `--trust-local-git-config` flag cautiously. Overall, treat Git configurations from untrusted sources with caution and prefer scanning sanitized clones. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41390. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart