CVE-2025-27613
Public on 2025-07-09
Modified on 2025-07-09
Description
When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enabled or not.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | git | No Fix Planned | ||
| Amazon Linux 2 - Core | git | 2025-07-30 | ALAS2-2025-2941 | Fixed |
| Amazon Linux 2023 | git | 2025-08-08 | ALAS2023-2025-1108 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| NVD | CVSSv3 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |