CVE-2025-21613

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 6, 2025
CWE ID 88

Summary

CVE-2025-21613 is an argument injection vulnerability (CWE-88) in go-git, a widely used Git implementation library written in Go. It affects versions prior to 5.13. An attacker could exploit the flaw to set arbitrary values for git-upload-pack flags when the file transport protocol is in use. This vulnerability is significant because it allows an attacker to bypass security checks and gain unauthorized access to Git repositories. Exploitation requires the file transport protocol, which is the only protocol in go-git that spawns Git binaries. go-git addressed this issue in version 5.13.0.
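For applications that pass user-supplied repository URLs to go-git, one defensive layer alongside upgrading is to refuse anything that is not an explicit network URL, so untrusted input never reaches the file transport. The sketch below is an added example, not go-git's own code or its fix; `ValidateRemoteURL` and the https/ssh allowlist are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedSchemes is an assumed policy: network transports only, since the
// summary states the file transport is the only one that spawns Git binaries.
var allowedSchemes = map[string]bool{"https": true, "ssh": true}

// ValidateRemoteURL (hypothetical helper) rejects any repository URL that is
// not an explicit, allowlisted network URL before it reaches a clone or fetch.
func ValidateRemoteURL(raw string) error {
	// CWE-88 defence in depth: never accept a value shaped like a CLI option.
	if strings.HasPrefix(raw, "-") {
		return errors.New("repository URL must not start with '-'")
	}
	// Whitespace and NUL bytes have no place in a remote URL.
	if strings.ContainsAny(raw, " \t\r\n\x00") {
		return errors.New("repository URL contains whitespace or NUL")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable repository URL: %w", err)
	}
	// Require an explicit scheme: bare paths, empty input and file:// are refused.
	if !allowedSchemes[strings.ToLower(u.Scheme)] {
		return fmt.Errorf("transport %q is not allowed", u.Scheme)
	}
	if u.Hostname() == "" || strings.HasPrefix(u.Hostname(), "-") {
		return errors.New("repository URL needs a valid host")
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, in := range []string{
		"https://git.example.com/org/repo.git",
		"file:///srv/repos/app.git",
		"/srv/repos/app.git",
		"--example-option=value",
	} {
		fmt.Printf("%-40q -> %v\n", in, ValidateRemoteURL(in))
	}
}
```

The check is deliberately stricter than needed on a patched version: it also rejects SCP-style remotes, so callers must supply `ssh://` URLs explicitly.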
