CVE-2025-46835: 
vulnerability analysis and mitigation

CVE-2025-46835 is a vulnerability in Git GUI that allows file overwrite when a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory. The vulnerability was discovered and fixed by Johannes Sixt, with the fix being released on July 8, 2025, as part of multiple Git security updates (OSS Security).

The vulnerability affects Git GUI and enables an attacker to create and overwrite any writable file when a user edits a file located in a maliciously named directory within a cloned untrusted repository. The issue affects multiple Git versions older than v2.50.0 and has been fixed in versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, and v2.49.1 (OSS Security).

When exploited, this vulnerability allows attackers to create and overwrite any writable file on the system through Git GUI when users interact with maliciously crafted repositories (OSS Security).

Users are recommended to upgrade to the latest patched versions of Git: v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, or v2.49.1. These versions contain the necessary security fixes to address the vulnerability (OSS Security).