
Executive brief
- What it is: A high-severity Git bug where trailing carriage-return (CR) characters are stripped when reading config values but not properly quoted when writing them. This mismatch lets attackers smuggle a CR into submodule paths and other config entries, so Git later interprets a different, attacker-chosen path. That path can be steered through symlinks into hooks directories, yielding arbitrary file write and hook-based code execution during clone/checkout flows. (Sources: The GitHub Blog, GitHub, Red Hat Customer Portal)
- Impact: On UNIX-like systems, cloning an untrusted repository (especially with `--recursive`) can lead to post-checkout / post-merge hook execution—i.e., RCE. CI/CD runners, developer workstations, and build servers are at risk. (Sources: securitylabs.datadoghq.com, Arctic Wolf, dgl.cx)
- Actively exploited / KEV: CISA added CVE-2025-48384 to the Known Exploited Vulnerabilities catalog; public advisories report in-the-wild exploitation. Patch deadlines were set for U.S. federal civilian agencies. (Sources: BleepingComputer, TechRadar)
- Fixed versions: Git 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, 2.50.1. Vendors (e.g., Red Hat) have issued updates. (Sources: TechRadar, Red Hat Customer Portal)
Root cause (why CR matters)
Git’s config pipeline has asymmetric CR/LF handling:
- Read path: When Git reads a config value, it strips trailing CR/LF.
- Write path: When Git writes a config value that itself ends with `\r`, it fails to quote it, so the literal CR is not preserved in a way the read path understands.
- Result: A value containing a trailing `\r` is silently transformed between write and subsequent read; for a submodule `path` this can redirect where Git places files. (Sources: GitHub, Red Hat Customer Portal)
Attackers weaponize this by crafting `.gitmodules` (or other config) so that a seemingly benign submodule resolves to a different on-disk location after the CR is stripped—e.g., into `.git/hooks/` via a symlink chain, enabling arbitrary hook file write. On the next checkout/merge, the hook executes. (Sources: securitylabs.datadoghq.com, Arctic Wolf)
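The read/write asymmetry above, as an added illustration that is not Git's source and not code from this post: a minimal `key = value` serializer and parser in Python whose reader collapses a CRLF line ending into LF (as the advisory describes) and whose writer can be switched between the pre-fix behaviour (a value whose last character is CR is not quoted) and the fixed behaviour (any value containing CR is quoted). The quoting triggers and escape set are a simplified model of Git's config syntax rather than a faithful copy, all function names are this example's own, and the sample value `sub\r` is constructed.

```python
"""Simplified model of the Git config write/read asymmetry behind CVE-2025-48384.

Added illustration, not Git's own code. It mimics two behaviours the advisory
describes: the reader treats a CRLF line ending as LF, and the pre-fix writer
did not quote a value whose last character is CR. The escape set and quoting
rules are a simplified model of Git's config format.
"""
from typing import Tuple

# Characters that force quoting in the simplified model. CR is deliberately
# absent: that is the pre-fix behaviour, and the fixed writer adds it.
QUOTE_TRIGGERS = set(';#"\\\n')


def _escape(value: str) -> str:
    # Escapes for the characters the format has sequences for; CR has no escape,
    # so inside quotes it is written as a raw byte (which the reader preserves).
    return (value.replace("\\", "\\\\").replace('"', '\\"')
                 .replace("\n", "\\n").replace("\t", "\\t"))


def write_entry(key: str, value: str, quote_trailing_cr: bool) -> str:
    """Serialise one config line. quote_trailing_cr=False models the pre-fix writer."""
    needs_quote = (value != value.strip(" \t")             # leading/trailing blank
                   or any(c in QUOTE_TRIGGERS for c in value)
                   or (quote_trailing_cr and "\r" in value))  # the fix
    body = f'"{_escape(value)}"' if needs_quote else value
    return f"\t{key} = {body}\n"


def read_entry(line: str) -> Tuple[str, str]:
    """Parse one config line the way the reader does: a CRLF ending becomes LF."""
    if line.endswith("\r\n"):
        line = line[:-2] + "\n"            # the CR silently disappears here
    line = line.rstrip("\n")
    key, _, raw = line.partition("=")
    key = key.strip()
    raw = raw.lstrip(" \t")
    if raw.startswith('"'):
        # Quoted value: decode escapes and stop at the closing quote.
        out, i = [], 1
        while i < len(raw) and raw[i] != '"':
            ch = raw[i]
            if ch == "\\" and i + 1 < len(raw):
                i += 1
                ch = {"n": "\n", "t": "\t", "b": "\b"}.get(raw[i], raw[i])
            out.append(ch)
            i += 1
        return key, "".join(out)
    # Unquoted value: inline comments and trailing blanks are discarded.
    for sep in (";", "#"):
        raw = raw.split(sep, 1)[0]
    return key, raw.rstrip(" \t")


def round_trips(value: str, quote_trailing_cr: bool, key: str = "path") -> bool:
    """True when a value survives write -> read unchanged (the property the bug broke)."""
    _, back = read_entry(write_entry(key, value, quote_trailing_cr))
    return back == value


if __name__ == "__main__":
    tainted = "sub\r"          # constructed sample: a submodule path ending in CR
    for fixed in (False, True):
        line = write_entry("path", tainted, fixed)
        verdict = "round-trips" if round_trips(tainted, fixed) else "MISMATCH"
        print(f"fixed={fixed}: {line!r} -> {read_entry(line)[1]!r} ({verdict})")
```

Running it shows the pre-fix writer emitting `path = sub\r\n`, which the reader hands back as `sub`, while the fixed writer emits `path = "sub\r"\n` and the reader returns `sub\r` intact. The round-trip check is the invariant any config serializer has to satisfy; a unit test asserting it over values with every control character is a cheap way to catch this class of mismatch in your own parsers.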
Exploitation outline (developer & CI risk)
A realistic attack path:
- Untrusted repo contains malicious submodule metadata with a trailing `\r` in `path`.
- Victim runs `git clone --recursive <repo>` (or CI does).
- Git resolves the path inconsistently; with symlink games, the submodule’s files land in `.git/hooks/post-checkout` (or another hook).
- On `checkout`/`merge`, the hook runs → RCE under the user or CI account. (Source: dgl.cx)
Some advisories also highlight the arbitrary file write angle even without immediate hook execution (still critical in pipeline contexts). (Source: securitylabs.datadoghq.com)
Affected scenarios & severity
- Who’s at risk: Developer laptops, CI/CD runners, build agents, ephemeral cloud builders, and any system that clones untrusted repos or submodules.
- Platforms: Impact demonstrated primarily on UNIX-like systems due to path and hook semantics. (Source: securitylabs.datadoghq.com)
- Severity/KEV: Rated high/critical; CISA KEV inclusion confirms active exploitation and mandates fast patching for FCEB. (Sources: BleepingComputer, TechRadar)
Detection & hunting (SOC playbook)
Network & repo intel
- Flag clones of unvetted public repos, especially with `--recursive`.
- Watch for unusual QUIC/HTTP(S) traffic to new, unvetted origins in build jobs (supply-chain pull events).
Host/EDR signals
- New or modified files under `repo/.git/hooks/` shortly after clone/checkout.
- Executable bit set on hook files that were not part of your golden repo baseline.
- Shells spawned by Git processes running hooks (`post-checkout`, `post-merge`, `post-rewrite`).
Content heuristics
- `.gitmodules` with trailing CRs or odd whitespace in `path` entries.
- Repos containing symlinks that ultimately point to `.git/hooks/` or other control files.
Threat intel
- Match against PoCs & write-ups (keep hashes/IoCs from public PoCs). (Source: GitHub)
Mitigation & hardening (CyberDudeBivash action plan)
1) Patch Git everywhere
- Upgrade to 2.43.7 / 2.44.4 / 2.45.4 / 2.46.4 / 2.47.3 / 2.48.2 / 2.49.1 / 2.50.1 (or newer) across workstations and CI.
- Update embedded Git in GUIs/IDEs (GitHub Desktop, etc.). (Source: TechRadar)
2) Lock down hooks
- In global config, set `core.hooksPath` to a read-only, admin-controlled directory.
- In CI, mount the hooks directory read-only or override it entirely to a clean path for each job.
3) Guard recursive submodules
- Until patched, avoid `--recursive` on untrusted repos. Fetch submodules only from allow-listed origins. (Source: TechRadar)
4) Repository admission controls
- Enforce pre-clone scanning: reject repos whose `.gitmodules` contains CR-tainted paths or symlink tricks.
- Mirror/“vendored” strategy: ingest external deps via an internal proxy/mirror that runs sanitizers first.
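A pre-clone scanner implementing the two admission checks above, which are the same traits listed under "Content heuristics" in the detection section; this is an added example, not the post's tooling and not part of Git. It flags `.gitmodules` `path` values that contain CR or any other control byte, and symlinks that resolve into a `.git/hooks` directory. The sample repository it builds in a temporary directory is a constructed fixture, and the regex, function names and report keys are this example's own.

```python
"""Pre-admission scanner for the two repository red flags named above.

Added example, not the post's tooling and not part of Git. It inspects a
checked-out repository (or a mirror of one) for (1) .gitmodules path entries
containing a carriage return or any other control byte and (2) symlinks whose
resolved target lies inside a .git/hooks directory. build_sample_repo() writes
a constructed fixture so the scanner can be exercised offline.
"""
import os
import re
import tempfile
from typing import Dict, List

# `path = value` lines in .gitmodules. The value is captured raw up to the LF so a
# trailing CR, quoted or not, stays visible. [ \t] is used instead of \s because
# \s would also swallow the CR we are looking for.
PATH_LINE = re.compile(rb"^[ \t]*path[ \t]*=[ \t]*(.*)$", re.MULTILINE)


def tainted_submodule_paths(gitmodules: bytes) -> List[bytes]:
    """Raw path values containing CR or another control character (0x00-0x1F, 0x7F)."""
    return [m.group(1) for m in PATH_LINE.finditer(gitmodules)
            if any(b < 0x20 or b == 0x7F for b in m.group(1))]


def symlinks_into_hooks(repo_root: str) -> List[str]:
    """Repo-relative paths of symlinks whose real target is inside any .git/hooks dir."""
    found = []
    for dirpath, dirnames, filenames in os.walk(repo_root):   # does not follow links
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                continue
            parts = os.path.realpath(full).split(os.sep)
            if any(a == ".git" and b == "hooks" for a, b in zip(parts, parts[1:])):
                found.append(os.path.relpath(full, repo_root))
    return sorted(found)


def scan_repo(repo_root: str) -> Dict[str, list]:
    """Run both checks; an empty dict means the repository passed."""
    report: Dict[str, list] = {}
    gitmodules = os.path.join(repo_root, ".gitmodules")
    if os.path.isfile(gitmodules):
        with open(gitmodules, "rb") as fh:
            bad = tainted_submodule_paths(fh.read())
        if bad:
            report["tainted_paths"] = bad
    links = symlinks_into_hooks(repo_root)
    if links:
        report["hook_symlinks"] = links
    return report


def build_sample_repo(root: str) -> None:
    """Constructed fixture: one clean submodule entry, one CR-tainted entry, one symlink."""
    os.makedirs(os.path.join(root, ".git", "hooks"))
    with open(os.path.join(root, ".gitmodules"), "wb") as fh:
        fh.write(b'[submodule "clean"]\n\tpath = libs/clean\n'
                 b'\turl = https://example.invalid/clean.git\n')
        fh.write(b'[submodule "odd"]\n\tpath = "libs/odd\r"\n'
                 b'\turl = https://example.invalid/odd.git\n')
    os.symlink(os.path.join(".git", "hooks"), os.path.join(root, "shortcut"))


def scan_sample() -> Dict[str, list]:
    """Build the fixture in a temporary directory, scan it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return scan_repo(tmp)


if __name__ == "__main__":
    print(scan_sample())
```

Run it against a mirror or a plain (non-recursive) clone before anything initialises submodules. It deliberately inspects raw bytes rather than Git's decoded value, so quoted and unquoted entries are treated alike; non-ASCII path names are not control characters and pass, so the rule does not penalise legitimately internationalised repositories.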
5) CI/CD policy
- Run builds in ephemeral, non-privileged containers with no interactive shells.
- Deny outbound network except to approved package mirrors to curb payload fetches post-compromise.
6) Monitoring rules (examples)
- SIEM: alert on file creation under `**/.git/hooks/*` by `git` processes.
- EDR: detect execution from any file path within a Git worktree’s hooks directory.
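The two monitoring rules above expressed as detection code and run over constructed sample events; this is an added example, not a vendor rule and not from the post. The event schema (`type`, `path`, `process`, `parent`) and the set of Git binary names are assumptions made for the illustration and have to be mapped onto the fields your EDR or auditd forwarder actually emits.

```python
"""Detection logic for the SIEM/EDR rules above, run over constructed sample events.

Added example, not from the post or any vendor product. Events are JSON lines
with fields modelled on what an EDR or auditd forwarder emits: "type"
(file_create or process_exec), "path", "process" and "parent". The field names
and the list of git binaries are assumptions; map them to your own schema.
"""
import json
import re
from typing import List, Optional, Tuple

# A file directly inside any repository's .git/hooks directory (not a deeper
# sub-path and not a similarly named sibling such as .git/hooks-backup/).
HOOKS_FILE = re.compile(r"(^|/)\.git/hooks/[^/]+$")

# Process names treated as "git" for the write rule. Assumption: extend with the
# git helper binaries present in your build images.
GIT_BINARIES = {"git", "git-submodule", "git-remote-https"}


def evaluate(event: dict) -> Optional[str]:
    """Return the name of the rule that fires for one event, or None."""
    path = event.get("path", "")
    in_hooks = bool(HOOKS_FILE.search(path))
    # Rule 1 (SIEM): a git process creating a file under .git/hooks. Scoping to git
    # keeps deliberate hook-installer tooling from firing this rule.
    if event.get("type") == "file_create" and in_hooks \
            and event.get("process") in GIT_BINARIES:
        return "git_wrote_hook"
    # Rule 2 (EDR): any execution whose image lives in a hooks directory,
    # regardless of which process launched it.
    if event.get("type") == "process_exec" and in_hooks:
        return "hook_executed"
    return None


def run(lines: List[str]) -> List[Tuple[str, str]]:
    """Evaluate JSON lines in order; returns (rule, path) per hit, skipping malformed lines."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue            # a forwarder hiccup must not stop the stream
        rule = evaluate(event)
        if rule is not None:
            hits.append((rule, event.get("path", "")))
    return hits


# Constructed sample telemetry: one clone that drops and then runs a hook, plus
# benign noise that the rules must ignore.
SAMPLE_EVENTS = [
    '{"type": "file_create", "path": "/home/dev/proj/src/main.c", "process": "git", "parent": "bash"}',
    '{"type": "file_create", "path": "/home/dev/proj/.git/hooks/post-checkout", "process": "git", "parent": "bash"}',
    '{"type": "file_create", "path": "/home/dev/proj/.git/hooks/pre-commit", "process": "node", "parent": "npm"}',
    '{"type": "file_create", "path": "/tmp/.git/hooks-backup/post-merge", "process": "git", "parent": "bash"}',
    'not json at all',
    '{"type": "process_exec", "path": "/home/dev/proj/.git/hooks/post-checkout", "process": "sh", "parent": "git"}',
]

if __name__ == "__main__":
    for rule, path in run(SAMPLE_EVENTS):
        print(f"{rule:16} {path}")
```

Two hits come out of the sample stream: the `git` process writing `post-checkout`, then `sh` executing it. If you relocate hooks with `core.hooksPath` as recommended earlier, extend `HOOKS_FILE` to cover that directory too, since hooks executed from there will never match `.git/hooks`; the first rule should then fire on any write into the protected directory by any process, because nothing legitimate writes there at build time.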
Version & vendor guidance
- Upstream advisory: Git project security note describes the read/write CR asymmetry and submodule path mis-resolution. (Source: GitHub)
- NVD/Red Hat: Trackers explain the line-end handling flaw and shipped fixes across distros. (Sources: NVD, Red Hat Customer Portal)
- Ecosystem notices: GitHub blog, vendor posts, and incident reports emphasize arbitrary file write → RCE via hooks and call for urgent upgrades. (Sources: The GitHub Blog, OITS)
Risk to software supply chains (why CISOs must care)
Because clone is everywhere (local dev, CI, dependency bots), this bug is a choke point an attacker can abuse to smuggle code into builds with no maintainer approval. That raises the risk of:
- Build-time implants (signed artifacts compromised at source).
- Lateral movement from compromised CI runners into cloud control planes.
- Widespread developer workstation compromise via innocuous-looking repos. (Sources: Cyber Security News, Help Net Security)
Quick FAQ for engineering teams
- Is Windows affected? Impact is primarily demonstrated on UNIX-like systems where hook semantics + path behaviors make exploitation practical; still patch everywhere. (Source: securitylabs.datadoghq.com)
- If we vendor deps, are we safe? Only if your mirror sanitizes `.gitmodules` and you block hooks. Otherwise, a poisoned upstream can still propagate.
- Can we just disable hooks? Setting `core.hooksPath` to a protected empty dir is a strong mitigation, but still patch Git to remove the arbitrary file-write vector.
CyberDudeBivash verdict
CVE-2025-48384 is a clean, elegant supply-chain attack primitive that weaponizes a tiny parsing asymmetry into file-write and RCE during everyday git clone workflows. Treat it as a top-tier pipeline risk:
- Patch Git now (all dev, CI, and embedded installations).
- Harden hooks and submodules policies.
- Scan and sanitize repositories before they enter your environment.
- Instrument detection for hook writes & executions.
With those controls in place, you close a high-leverage door that attackers are already testing in the wild.
Sources & further reading
- GitHub blog: security announcement & root-cause notes. (Source: The GitHub Blog)
- Upstream advisory (GHSA) and NVD entry. (Sources: GitHub, NVD)
- Datadog Security Labs technical analysis (arbitrary file write → RCE). (Source: securitylabs.datadoghq.com)
- Arctic Wolf & community PoCs / explanations. (Sources: Arctic Wolf, dgl.cx, GitHub)
- CISA / BleepingComputer / TechRadar on active exploitation & KEV. (Sources: BleepingComputer, TechRadar)