Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0579
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Python extension pour Visual Studio Code versions antérieures à 2025.8.1 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20027 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3495.9 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.18526.20424 | ||
| Microsoft | N/A | Microsoft Teams pour iOS versions antérieures à 7.10.1 (100772025102901) | ||
| Microsoft | N/A | Microsoft Configuration Manager 2503 versions antérieures à 5.00.9135.1003 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.10 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.49 | ||
| Microsoft | N/A | Microsoft Teams pour Desktop versions antérieures à 25060212643 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 19) versions antérieures à 16.0.1140.6 | ||
| Microsoft | N/A | Microsoft Teams pour Android versions antérieures à 1.0.0.2025112902 | ||
| Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 versions antérieures à 14.0.27564.0 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2075.8 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 2 (GDR) versions antérieures à 13.0.6460.7 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4435.7 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.8 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.75 | ||
| Microsoft | N/A | Microsoft Teams pour Mac versions antérieures à 25163.3001.3726.6503 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.17 | ||
| Microsoft | N/A | Microsoft PC Manager versions antérieures à 3.17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.4200.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.23 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2135.5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Python extension pour Visual Studio Code versions ant\u00e9rieures \u00e0 2025.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20027",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3495.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.18526.20424",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour iOS versions ant\u00e9rieures \u00e0 7.10.1 (100772025102901)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2503 versions ant\u00e9rieures \u00e0 5.00.9135.1003",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.12 ant\u00e9rieures \u00e0 17.12.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) ant\u00e9rieures \u00e0 16.11.49",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Desktop versions ant\u00e9rieures \u00e0 25060212643",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 19) versions ant\u00e9rieures \u00e0 16.0.1140.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Android versions ant\u00e9rieures \u00e0 1.0.0.2025112902",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2015 Update 3 versions ant\u00e9rieures \u00e0 14.0.27564.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2075.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 2 (GDR) versions ant\u00e9rieures \u00e0 13.0.6460.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4435.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.14 ant\u00e9rieures \u00e0 17.14.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) ant\u00e9rieures \u00e0 15.9.75",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Mac versions ant\u00e9rieures \u00e0 25163.3001.3726.6503",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PC Manager versions ant\u00e9rieures \u00e0 3.17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 \t\n16.0.4200.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2135.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46835"
},
{
"name": "CVE-2025-49714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49714"
},
{
"name": "CVE-2025-47178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47178"
},
{
"name": "CVE-2025-27614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27614"
},
{
"name": "CVE-2025-49701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49701"
},
{
"name": "CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"name": "CVE-2025-27613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27613"
},
{
"name": "CVE-2025-49737",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49737"
},
{
"name": "CVE-2025-49706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49706"
},
{
"name": "CVE-2025-49738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49738"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-49704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49704"
},
{
"name": "CVE-2025-48386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48386"
},
{
"name": "CVE-2025-49739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49739"
},
{
"name": "CVE-2025-49719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49719"
},
{
"name": "CVE-2025-49717",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49717"
},
{
"name": "CVE-2025-46334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46334"
},
{
"name": "CVE-2025-49718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49718"
},
{
"name": "CVE-2025-49731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49731"
},
{
"name": "CVE-2025-49703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49703"
}
],
"initial_release_date": "2025-07-09T00:00:00",
"last_revision_date": "2025-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0579",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49718",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-27614",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27614"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49739",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46835",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46835"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49714",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49714"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49731"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49717",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-27613",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27613"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49719",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49719"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49703",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-48386",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48386"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-48385",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48385"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49706",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49738",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49738"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49737",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-48384",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46334"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49701",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49701"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47178",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47178"
}
]
}
CVE-2025-49717 (GCVE-0-2025-49717)
Vulnerability from cvelistv5
Published
2025-07-08 16:57
Modified
2025-08-23 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2135.5 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:50.156271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2135.5",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1140.6",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 32)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4435.7",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (CU 19)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4200.1",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2135.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1140.6",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4435.7",
"versionStartIncluding": "15.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4200.1",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:39:41.338Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717"
}
],
"title": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49717",
"datePublished": "2025-07-08T16:57:21.614Z",
"dateReserved": "2025-06-09T21:23:11.521Z",
"dateUpdated": "2025-08-23T00:39:41.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49738 (GCVE-0-2025-49738)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft PC Manager |
Version: 1.0.0 < 3.17.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:22.118596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:28.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft PC Manager",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.17.4",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.17.4",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:36.428Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft PC Manager Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49738"
}
],
"title": "Microsoft PC Manager Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49738",
"datePublished": "2025-07-08T16:58:15.207Z",
"dateReserved": "2025-06-09T22:49:37.618Z",
"dateUpdated": "2025-08-23T00:40:36.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49704 (GCVE-0-2025-49704)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5508.1000 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49704",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T15:36:56.826892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49704"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:09.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T00:00:00+00:00",
"value": "CVE-2025-49704 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5508.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20027",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5508.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20027",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper control of generation of code (\u0027code injection\u0027) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:27.115Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704"
}
],
"title": "Microsoft SharePoint Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49704",
"datePublished": "2025-07-08T16:58:05.908Z",
"dateReserved": "2025-06-09T19:59:44.875Z",
"dateUpdated": "2025-08-23T00:40:27.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49718 (GCVE-0-2025-49718)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-908 - Use of Uninitialized Resource
Summary
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2135.5 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T13:45:45.753841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T13:45:56.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2135.5",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1140.6",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (CU 19)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4200.1",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 32)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4435.7",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2135.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1140.6",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4200.1",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4435.7",
"versionStartIncluding": "15.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908: Use of Uninitialized Resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:29.685Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718"
}
],
"title": "Microsoft SQL Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49718",
"datePublished": "2025-07-08T16:58:08.668Z",
"dateReserved": "2025-06-09T21:23:11.521Z",
"dateUpdated": "2025-08-23T00:40:29.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49731 (GCVE-0-2025-49731)
Vulnerability from cvelistv5
Published
2025-07-08 16:57
Modified
2025-08-23 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Summary
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Teams for Android |
Version: 1.0.0 < 1.0.0.2025112902 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:24.341864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Teams for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.0.0.2025112902",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Teams for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.10.1 (100772025102901)",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Teams for Desktop",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "25060212643",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.0.0.2025112902",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "7.10.1 (100772025102901)",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25060212643",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:39:44.215Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Teams Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49731"
}
],
"title": "Microsoft Teams Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49731",
"datePublished": "2025-07-08T16:57:24.562Z",
"dateReserved": "2025-06-09T21:23:11.523Z",
"dateUpdated": "2025-08-23T00:39:44.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27613 (GCVE-0-2025-27613)
Vulnerability from cvelistv5
Published
2025-07-10 14:58
Modified
2025-07-10 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T15:55:29.551008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:55:34.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gitk",
"vendor": "j6t",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk\u0027s Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T14:58:16.752Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v"
},
{
"name": "https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5"
},
{
"name": "https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652"
}
],
"source": {
"advisory": "GHSA-f3cw-xrj3-wr2v",
"discovery": "UNKNOWN"
},
"title": "Gitk can create and truncate files in the user\u0027s home directory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27613",
"datePublished": "2025-07-10T14:58:16.752Z",
"dateReserved": "2025-03-03T15:10:34.079Z",
"dateUpdated": "2025-07-10T15:55:34.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27614 (GCVE-0-2025-27614)
Vulnerability from cvelistv5
Published
2025-07-10 15:02
Modified
2025-07-10 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T15:54:41.814461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:54:47.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gitk",
"vendor": "j6t",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.41.0, \u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:02:25.947Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc"
},
{
"name": "https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129"
}
],
"source": {
"advisory": "GHSA-g4v5-fjv9-mhhc",
"discovery": "UNKNOWN"
},
"title": "Gitk allows arbitrary command execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27614",
"datePublished": "2025-07-10T15:02:25.947Z",
"dateReserved": "2025-03-03T15:10:34.080Z",
"dateUpdated": "2025-07-10T15:54:47.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49739 (GCVE-0-2025-49739)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.75 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:02:00.556215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:27.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.9.75",
"status": "affected",
"version": "15.9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.49",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.10",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.23",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.17",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2015 Update 3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.27564.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.8",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.9.75",
"versionStartIncluding": "15.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.49",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.10",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.23",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.17",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
"versionEndExcluding": "14.0.27564.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.8",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:37.013Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
}
],
"title": "Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49739",
"datePublished": "2025-07-08T16:58:15.788Z",
"dateReserved": "2025-06-09T22:49:37.618Z",
"dateUpdated": "2025-08-23T00:40:37.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49719 (GCVE-0-2025-49719)
Vulnerability from cvelistv5
Published
2025-07-08 16:57
Modified
2025-08-23 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2075.8 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T19:20:56.146229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T19:47:32.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2075.8",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 for Service Pack 2 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6460.7",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2135.5",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7055.9",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3495.9",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1140.6",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 32)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4435.7",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (CU 19)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4200.1",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2075.8",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp2:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6460.7",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2135.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7055.9",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3495.9",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1140.6",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4435.7",
"versionStartIncluding": "15.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4200.1",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:39:41.823Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49719"
}
],
"title": "Microsoft SQL Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49719",
"datePublished": "2025-07-08T16:57:22.103Z",
"dateReserved": "2025-06-09T21:23:11.521Z",
"dateUpdated": "2025-08-23T00:39:41.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49701 (GCVE-0-2025-49701)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5508.1000 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T13:47:32.840206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T13:47:38.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5508.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20027",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.18526.20424",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5508.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20027",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.18526.20424",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:25.158Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49701"
}
],
"title": "Microsoft SharePoint Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49701",
"datePublished": "2025-07-08T16:58:04.067Z",
"dateReserved": "2025-06-09T19:59:44.875Z",
"dateUpdated": "2025-08-23T00:40:25.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48385 (GCVE-0-2025-48385)
Vulnerability from cvelistv5
Published
2025-07-08 18:23
Modified
2025-07-08 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T18:38:28.946672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T18:38:41.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git",
"versions": [
{
"status": "affected",
"version": "\u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0-rc0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0-rc0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0-rc0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0-rc0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0-rc0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0-rc0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0-rc0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T18:23:44.405Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"source": {
"advisory": "GHSA-m98c-vgpc-9655",
"discovery": "UNKNOWN"
},
"title": "Git alllows arbitrary file writes via bundle-uri parameter injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48385",
"datePublished": "2025-07-08T18:23:44.405Z",
"dateReserved": "2025-05-19T15:46:00.397Z",
"dateUpdated": "2025-07-08T18:38:41.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49737 (GCVE-0-2025-49737)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Teams for Mac |
Version: 1.0.0.0 < 25163.3001.3726.6503 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:25.440186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:28.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Teams for Mac",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "25163.3001.3726.6503",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:mac:*:*",
"versionEndExcluding": "25163.3001.3726.6503",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Microsoft Teams allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:35.866Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Teams Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
}
],
"title": "Microsoft Teams Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49737",
"datePublished": "2025-07-08T16:58:14.537Z",
"dateReserved": "2025-06-09T22:49:37.617Z",
"dateUpdated": "2025-08-23T00:40:35.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46334 (GCVE-0-2025-46334)
Vulnerability from cvelistv5
Published
2025-07-10 15:06
Modified
2025-07-10 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes the current directory. The mentioned programs are invoked when the user selects Git Bash or Browse Files from the menu. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T15:54:14.118257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:54:21.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git-gui",
"vendor": "j6t",
"versions": [
{
"status": "affected",
"version": "\u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes the current directory. The mentioned programs are invoked when the user selects Git Bash or Browse Files from the menu. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:06:12.757Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/j6t/git-gui/security/advisories/GHSA-7px4-9hg2-fvhx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/j6t/git-gui/security/advisories/GHSA-7px4-9hg2-fvhx"
},
{
"name": "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a1ccd2512072cf52835050f4c97a4fba9f0ec8f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a1ccd2512072cf52835050f4c97a4fba9f0ec8f9"
}
],
"source": {
"advisory": "GHSA-7px4-9hg2-fvhx",
"discovery": "UNKNOWN"
},
"title": "Git GUI malicious command injection on Windows"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46334",
"datePublished": "2025-07-10T15:06:12.757Z",
"dateReserved": "2025-04-22T22:41:54.911Z",
"dateUpdated": "2025-07-10T15:54:21.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46835 (GCVE-0-2025-46835)
Vulnerability from cvelistv5
Published
2025-07-10 15:09
Modified
2025-07-10 15:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T15:53:11.968495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:53:21.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git-gui",
"vendor": "j6t",
"versions": [
{
"status": "affected",
"version": "\u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T15:09:42.735Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg"
},
{
"name": "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da"
}
],
"source": {
"advisory": "GHSA-xfx7-68v4-v8fg",
"discovery": "UNKNOWN"
},
"title": "Git GUI can create and overwrite files for which the user has write permission"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46835",
"datePublished": "2025-07-10T15:09:42.735Z",
"dateReserved": "2025-04-30T19:41:58.135Z",
"dateUpdated": "2025-07-10T15:53:21.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49703 (GCVE-0-2025-49703)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5508.1000 |
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:19.838168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:29.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5508.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20027",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.99.25071321",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.99.25071321",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Word 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5508.1000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5508.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20027",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.99.25071321",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.99.25071321",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5508.1000",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:26.548Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Word Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703"
}
],
"title": "Microsoft Word Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49703",
"datePublished": "2025-07-08T16:58:05.341Z",
"dateReserved": "2025-06-09T19:59:44.875Z",
"dateUpdated": "2025-08-23T00:40:26.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49714 (GCVE-0-2025-49714)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-501 - Trust Boundary Violation
Summary
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Python extension for Visual Studio Code |
Version: 2020 < 2025.8.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:02:11.790802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:28.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Python extension for Visual Studio Code",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2025.8.1",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:python:*:*",
"versionEndExcluding": "2025.8.1",
"versionStartIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501: Trust Boundary Violation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:29.044Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Visual Studio Code Python Extension Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49714"
}
],
"title": "Visual Studio Code Python Extension Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49714",
"datePublished": "2025-07-08T16:58:08.064Z",
"dateReserved": "2025-06-09T21:23:11.520Z",
"dateUpdated": "2025-08-23T00:40:29.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47178 (GCVE-0-2025-47178)
Vulnerability from cvelistv5
Published
2025-07-08 16:57
Modified
2025-08-23 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Configuration Manager |
Version: 1.0.0 < 5.00.9135.1003 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T04:01:57.302720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:30.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Configuration Manager",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.00.9135.1003",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.00.9135.1003",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:39:45.508Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Configuration Manager Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47178"
}
],
"title": "Microsoft Configuration Manager Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47178",
"datePublished": "2025-07-08T16:57:25.690Z",
"dateReserved": "2025-05-01T17:10:57.981Z",
"dateUpdated": "2025-08-23T00:39:45.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48386 (GCVE-0-2025-48386)
Vulnerability from cvelistv5
Published
2025-07-08 18:23
Modified
2025-07-08 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T18:46:25.350003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T18:46:36.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git",
"versions": [
{
"status": "affected",
"version": "\u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0-rc0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0-rc0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0-rc0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0-rc0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0-rc0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0-rc0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0-rc0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T18:23:41.246Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr"
}
],
"source": {
"advisory": "GHSA-4v56-3xvj-xvfr",
"discovery": "UNKNOWN"
},
"title": "Git allows a buffer overflow in \u0027wincred\u0027 credential helper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48386",
"datePublished": "2025-07-08T18:23:41.246Z",
"dateReserved": "2025-05-19T15:46:00.397Z",
"dateUpdated": "2025-07-08T18:46:36.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49706 (GCVE-0-2025-49706)
Vulnerability from cvelistv5
Published
2025-07-08 16:58
Modified
2025-08-23 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5508.1000 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49706",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T03:55:23.189017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:09.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T00:00:00+00:00",
"value": "CVE-2025-49706 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5508.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20027",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.18526.20424",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5508.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20027",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.18526.20424",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:40:28.398Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49706",
"datePublished": "2025-07-08T16:58:07.343Z",
"dateReserved": "2025-06-09T19:59:44.875Z",
"dateUpdated": "2025-08-23T00:40:28.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48384 (GCVE-0-2025-48384)
Vulnerability from cvelistv5
Published
2025-07-08 18:23
Modified
2025-08-26 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48384",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T03:55:22.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00+00:00",
"value": "CVE-2025-48384 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git",
"versions": [
{
"status": "affected",
"version": "\u003c 2.43.7"
},
{
"status": "affected",
"version": "\u003e= 2.44.0-rc0, \u003c 2.44.4"
},
{
"status": "affected",
"version": "\u003e= 2.45.0-rc0, \u003c 2.45.4"
},
{
"status": "affected",
"version": "\u003e= 2.46.0-rc0, \u003c 2.46.4"
},
{
"status": "affected",
"version": "\u003e= 2.47.0-rc0, \u003c 2.47.3"
},
{
"status": "affected",
"version": "\u003e= 2.48.0-rc0, \u003c 2.48.2"
},
{
"status": "affected",
"version": "\u003e= 2.49.0-rc0, \u003c 2.49.1"
},
{
"status": "affected",
"version": "\u003e= 2.50.0-rc0, \u003c 2.50.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T18:23:48.710Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
}
],
"source": {
"advisory": "GHSA-vwqx-4fm8-6qc9",
"discovery": "UNKNOWN"
},
"title": "Git allows arbitrary code execution through broken config quoting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48384",
"datePublished": "2025-07-08T18:23:48.710Z",
"dateReserved": "2025-05-19T15:46:00.397Z",
"dateUpdated": "2025-08-26T03:55:22.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…