CVE-2025-52483

Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities) a shell script injection can occur within the `withpasswd` function. Alternatively, an argument injection is possible in the `gettreesha `function. either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. All prior versions are vulnerable. No known workarounds are available.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/JuliaRegistries/Registrator.jl/pull/448	Issue Tracking Patch
https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-589r-g8hf-xx59	Vendor Advisory Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:julialang:registrator:*:*:*:*:*:julia:*:*

History

19 Sep 2025, 16:01

Type	Values Removed	Values Added
First Time		Julialang registrator Julialang
CPE		cpe:2.3:a:julialang:registrator::::::julia::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://github.com/JuliaRegistries/Registrator.jl/pull/448 -~~	() https://github.com/JuliaRegistries/Registrator.jl/pull/448 - Issue Tracking, Patch
References	~~() https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-589r-g8hf-xx59 -~~	() https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-589r-g8hf-xx59 - Vendor Advisory, Issue Tracking

26 Jun 2025, 18:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-25 17:15

Updated : 2025-09-19 16:01

NVD link : CVE-2025-52483

Mitre link : CVE-2025-52483

CVE.ORG link : CVE-2025-52483

JSON object : View

Products Affected

julialang

registrator

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2025-52483", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-25T17:15:38.740", "references": [{"url": "https://github.com/JuliaRegistries/Registrator.jl/pull/448", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-589r-g8hf-xx59", "tags": ["Vendor Advisory", "Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities) a shell script injection can occur within the `withpasswd` function. Alternatively, an argument injection is possible in the `gettreesha `function. either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. All prior versions are vulnerable. No known workarounds are available."}, {"lang": "es", "value": "Registrator es una aplicaci\u00f3n de GitHub que automatiza la creaci\u00f3n de solicitudes de extracci\u00f3n de registro para paquetes de Julia en el registro general. Antes de la versi\u00f3n 1.9.5, si la URL de clonaci\u00f3n devuelta por GitHub era maliciosa (o pod\u00eda inyectarse mediante vulnerabilidades de origen), se pod\u00eda inyectar un script de shell en la funci\u00f3n `withpasswd`. Alternativamente, se puede inyectar un argumento en la funci\u00f3n `gettreesha`. Cualquiera de estas opciones puede provocar una posible RCE. Los usuarios deben actualizar inmediatamente a la versi\u00f3n 1.9.5 para obtener una soluci\u00f3n. Todas las versiones anteriores son vulnerables. No se conocen soluciones alternativas."}], "lastModified": "2025-09-19T16:01:28.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:julialang:registrator:*:*:*:*:*:julia:*:*", "vulnerable": true, "matchCriteriaId": "FD508AC5-1083-4BF3-8FA1-6967FDB5059F", "versionEndExcluding": "1.9.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}