{
  "threat_severity" : "Low",
  "public_date" : "2025-07-10T15:09:42Z",
  "bugzilla" : {
    "description" : "git: Git GUI can create and overwrite files for which the user has write permission",
    "id" : "2379326",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2379326"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-88",
  "details" : [ "Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.", "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for which the running user has write permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue." ],
  "statement" : "Red Hat Product Security team has rated this vulnerability as having a Low severity. This is due to the high complexity in exploiting the vulnerability. Additionally, the user needs to be tricked into cloning an untrusted repository and editing a file located in a directory with a maliciously crafted name.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-07-22T00:00:00Z",
    "advisory" : "RHSA-2025:11533",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "git-0:2.47.3-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-23T00:00:00Z",
    "advisory" : "RHSA-2025:11534",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "git-0:2.43.7-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11462",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "git-0:2.47.3-1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "git",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "git",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Fix deferred",
    "package_name" : "devspaces/code-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-46835\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-46835\nhttps://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da\nhttps://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg" ],
  "name" : "CVE-2025-46835",
  "csaw" : false
}