UBUNTU-CVE-2025-27614

Details

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.

Affected Packages

Ubuntu:24.10git

Affected versions:

1:2.43.0-1ubuntu71:2.45.1-1ubuntu11:2.45.2-1ubuntu11:2.45.2-1ubuntu1.1

Fixed in:

1:2.45.2-1ubuntu1.2

Ubuntu:24.04:LTSgit

Affected versions:

1:2.40.1-1ubuntu11:2.43.0-1ubuntu11:2.43.0-1ubuntu51:2.43.0-1ubuntu61:2.43.0-1ubuntu71:2.43.0-1ubuntu7.11:2.43.0-1ubuntu7.2

Fixed in:

1:2.43.0-1ubuntu7.3

Ubuntu:25.04git

Affected versions:

1:2.45.2-1.2ubuntu11:2.45.2-1ubuntu11:2.47.1-0ubuntu11:2.47.1-1ubuntu11:2.48.1-0ubuntu1

Fixed in:

1:2.48.1-0ubuntu1.1

References

REPORThttps://ubuntu.com/security/CVE-2025-27614 ADVISORYhttps://ubuntu.com/security/notices/USN-7626-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2025-27614 REPORThttps://www.openwall.com/lists/oss-security/2025/07/08/4

UBUNTU-CVE-2025-27614

Details

Affected Packages

References

CVSS Analysis

Upstream

Related

Ecosystems

Timeline