CVE-2025-66413
Received Received - Intake
NTLM Hash Exposure in Git for Windows via Malicious Clone

Publication date: 2026-03-10

Last updated on: 2026-04-21

Assigner: GitHub, Inc.

Description
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66413
EUVD
EUVD-2025-208534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gitforwindows git to 2.53.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Git for Windows versions prior to 2.53.0(2). An attacker can trick a user into cloning a repository from a malicious server, which allows the attacker to obtain the user's NTLM hash.

Because NTLM hashing is weak, the attacker can then brute-force the user's account name and password using the obtained hash.

This issue is fixed in Git for Windows version 2.53.0(2).

Impact Analysis

If exploited, this vulnerability can lead to an attacker obtaining your NTLM hash and subsequently brute-forcing your account credentials.

This can result in unauthorized access to your user account, potentially compromising your system or data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Git for Windows to version 2.53.0(2) or later, where the issue has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66413. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart