CVE-2025-46835: 
vulnerability analysis and mitigation

Git GUI, a graphical interface for Git source control management tools, was found to contain a security vulnerability (CVE-2025-46835) discovered in July 2025. The vulnerability affects Git GUI versions up to 2.50.0 and has been fixed in versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1. The issue was identified by Johannes Sixt and involves improper file modification constraints management (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.5 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L. The vulnerability is classified as an Argument Injection issue (CWE-88), where Git GUI fails to properly manage file modification constraints when handling files in maliciously named directories (NVD).

When exploited, this vulnerability allows an attacker to create and overwrite files for which the user has write permission on the system. The vulnerability has high impact on both confidentiality and integrity, with a low impact on availability. The scope is changed, indicating that the vulnerability can affect resources beyond its security scope (GitHub Advisory).

The primary mitigation is to update Git GUI to one of the patched versions: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1. As a workaround, users are advised not to use Git GUI to inspect or modify untrusted repositories (GitHub Advisory).