• CISA adds CVE-2025-48384 to its Known Exploited Vulnerabilities catalog
  • Git patched it in July 2025, but there are also mitigations and workarounds
  • Users should patch immediately, or face possible attack

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a serious Git vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of in-the-wild abuse and giving Federal Civilian Executive Branch (FCEB) agencies three weeks to patch up.

Git is a distributed version control system, a software development tool that helps users track code changes, share them with others, and collaborate on projects.

It was recently discovered that Git handles the special "carriage return" character inconsistently when it reads and writes its configuration. When submodules are being configured, this mismatch can trick Git into setting up a repository in the wrong place and then running hidden, attacker-supplied code.

Avoiding recursive submodule clones

The bug is tracked as CVE-2025-48384 and has a severity score of 8.0/10 (high). It was discovered in early July 2025 and fixed with a patch. The patched Git releases are: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Git is extremely popular. It is the standard version control system used by developers worldwide, and platforms like GitHub, GitLab, and Bitbucket all run on Git. Furthermore, almost every major software project, including Linux, Android, Chrome, and VS Code, uses it to manage code.

When CISA adds a bug to KEV, it usually means it has observed it being used in real-life attacks. This flaw was added on July 25, 2025, meaning FCEB agencies have until September 15 to patch it or stop using Git altogether. Other government agencies, as well as companies in the private sector, usually keep track of KEV and apply the updates on the same schedule.

Those unable to patch can mitigate the issue by avoiding recursive submodule clones from untrusted sources. Furthermore, users should disable Git hooks globally via core.hooksPath and allow only audited submodules.
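The checks below are an added example, not code from the article or the Git project: a POSIX shell script that tells whether an installed Git release is one of the patched versions listed above, flags a .gitmodules file containing the carriage-return character the flaw abuses, and applies the core.hooksPath mitigation. The version strings and .gitmodules content used for testing are constructed samples.

```shell
#!/bin/sh
# Added example for the mitigations above; not code from the article or the Git project.
# Assumes a POSIX sh; the version strings and .gitmodules samples are constructed.

# Fixed releases named in the article, one per maintenance branch.
FIXED_VERSIONS="2.43.7 2.44.4 2.45.4 2.46.4 2.47.3 2.48.2 2.49.1 2.50.1"

# git_is_patched VERSION -> exit 0 if that release carries the CVE-2025-48384 fix.
# Accepts "2.50.1", "2.50.1.windows.1" or the full "git version 2.50.1" output.
git_is_patched() {
    v=${1#git version }
    maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}
    case $rest in *.*) pat=${rest#*.}; pat=${pat%%[!0-9]*} ;; *) pat=0 ;; esac
    [ "$maj" -gt 2 ] && return 0
    [ "$maj" -lt 2 ] && return 1
    for f in $FIXED_VERSIONS; do
        frest=${f#*.}; fmin=${frest%%.*}; fpat=${frest#*.}
        if [ "$min" -eq "$fmin" ]; then
            # Same maintenance branch: patched only at or above the fixed point release.
            if [ "$pat" -ge "$fpat" ]; then return 0; else return 1; fi
        fi
    done
    # 2.51 and later branched after the fix; anything older than 2.43 never received it.
    [ "$min" -gt 50 ]
}

# gitmodules_has_cr FILE -> exit 0 if any line of a .gitmodules file carries a
# carriage return, the character the flaw abuses in submodule path values.
gitmodules_has_cr() {
    grep -q "$(printf '\r')" "$1"
}

# Mitigation from the article: point core.hooksPath at a location that can never
# hold hook scripts, so a poisoned checkout cannot run attacker-supplied code.
# Note this also silences the user's legitimate hooks until reverted.
disable_git_hooks_globally() {
    git config --global core.hooksPath /dev/null
}

# Usage (needs git installed): inspect the local install and a checked-out repo.
# git_is_patched "$(git --version)" || echo "git is unpatched: upgrade"
# gitmodules_has_cr .gitmodules && echo "suspicious carriage return in .gitmodules"
```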

Via BleepingComputer


By admin