CVE-2025-46835

{"id": "CVE-2025-46835", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2025-07-10T15:15:29.503", "references": [{"url": "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da", "source": "security-advisories@github.com"}, {"url": "https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1."}, {"lang": "es", "value": "Git GUI permite usar las herramientas de gesti\u00f3n de control de c\u00f3digo fuente de Git mediante una interfaz gr\u00e1fica de usuario. Cuando un usuario clona un repositorio no confiable y se le induce a editar un archivo ubicado en un directorio malicioso del repositorio, la interfaz gr\u00e1fica de Git puede crear y sobrescribir archivos para los que el usuario tiene permiso de escritura. Esta vulnerabilidad est\u00e1 corregida en las versiones 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 y 2.50.1."}], "lastModified": "2025-07-15T13:24:41.097", "sourceIdentifier": "security-advisories@github.com"}