CVE-2025-48384

설명

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the al...

영향 제품·버전

공급사 Git

제품 Git

영향 버전 < 2.43.7, >= 2.44.0-rc0, < 2.44.4, >= 2.45.0-rc0, < 2.45.4, >= 2.46.0-rc0, < 2.46.4, >= 2.47.0-rc0, < 2.47.3, >= 2.48.0-rc0, < 2.48.2, >= 2.49.0-rc0, < 2.49.1, >= 2.50.0-rc0, < 2.50.1, >= 2.44.0 < 2.44.4, >= 2.45.0 < 2.45.4, >= 2.46.0 < 2.46.4, >= 2.47.0 < 2.47.3, >= 2.48.0 < 2.48.2, >= 2.49.0 < 2.49.1, >= 2.50.0 < 2.50.1, 11.0, < 26.0

수정 버전 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, 2.50.1, 26.0

조치 방법

• 공급사가 제공한 최신 보안 업데이트 적용
• 자사 보유 제품과 영향 버전의 일치 여부 확인
• 외부 노출 서비스와 비정상 인증·접속 로그 점검
• 패치가 어려우면 공급사 완화조치와 접근통제 적용

기술 정보

CVSS 벡터 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE CWE-436, CWE-59

KEV 등록일 2025.08.25

랜섬웨어 캠페인 사용 미확인

CISA 비고 This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48384

EPSS 데이터 기준일 2026.06.27