CVE-2025-21613
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2025-21613 is a vulnerability affecting go-git, a widely-used Git implementation library written in Go. Prior to version 5.13, go-git contained an argument injection flaw. An attacker could potentially exploit this issue by setting arbitrary values to git-upload-pack flags when using the file transport protocol. This vulnerability is significant because it allows an attacker to bypass security checks and gain unauthorized access to Git repositories. Successfully exploiting this issue required the use of the file transport protocol, which is the only protocol in go-git that spawns Git binaries. Go-git has addressed this issue in version 5.13.0.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.