CVE-2025-27613: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in j6t gitk
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
AI Analysis
Technical Summary
CVE-2025-27613 is an OS command injection vulnerability (CWE-78) in gitk, the Tcl/Tk based Git history browser maintained by j6t. gitk ships as part of Git and follows its version numbers; affected are versions from 1.7.0 up to, but not including, the fixed release of each maintenance branch (2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 and 2.50.1). The issue is triggered when a user clones an untrusted Git repository and runs gitk in it without additional command-line arguments: if the 'Support per-file encoding' option has been enabled in gitk's Preferences (it is disabled by default), gitk can create or truncate files for which the user has write permission. Invoking 'Show origin of this line' in the main window triggers the same behaviour regardless of the encoding option's state. In both cases, special elements are passed into an OS command without proper neutralization, which can lead to unintended file modifications and potentially allows an attacker who controls the repository to alter files on the victim's system. Exploitation requires that the victim run gitk locally on the cloned repository and interact with the vulnerable functionality. The CVSS 3.1 base score is 3.6 (low severity): local attack vector, low attack complexity, no privileges required, user interaction required, integrity impact only, with no confidentiality or availability impact. No known exploits in the wild have been reported. The issue is fixed in gitk 2.43.7 and the later patch releases listed above.
Potential Impact
For European organizations, the impact of this vulnerability falls primarily on developers and other users who browse Git history with gitk, especially when working with untrusted repositories. An attacker who controls a cloned repository could cause files the user can write to be created or truncated, which could lead to code tampering, insertion of malicious code, or disruption of development workflows. While the impact is limited to integrity and does not affect confidentiality or availability, the risk is higher in environments where developers frequently clone external or third-party repositories without strict validation; in such settings it can become a supply chain risk or compromise development environments. Because exploitation requires local execution and user interaction, the threat is more relevant to individual developer workstations than to automated CI/CD pipelines or servers. European organizations with large software development teams or open-source contributors may face increased exposure, particularly if gitk is part of their toolchain and users enable the vulnerable preference or use the affected feature.
Mitigation Recommendations
Organizations should ensure that all installed copies of gitk are updated to the fixed release of their branch (2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 or 2.50.1) or later; since gitk is distributed with Git, this usually means updating Git itself. As an interim measure, users should avoid enabling the 'Support per-file encoding' option unless it is needed and should exercise caution with the 'Show origin of this line' feature, especially on repositories from untrusted sources. Development teams should adopt policies that restrict cloning of untrusted repositories or require repository validation before use. Endpoint protection tooling can additionally be configured to monitor and alert on unexpected file creation or truncation initiated by gitk processes. Training developers to recognize the risks of running GUI tools on untrusted code, and enforcing least-privilege principles on developer workstations, further reduces risk. Finally, automated scanning of developer tools and environments for outdated versions helps keep security updates applied consistently.
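One way to operationalise the version check in the recommendation above is a small script that maps the installed Git/gitk version onto the fixed release for its branch. This is an added example, not code from offseq or from the gitk or Git projects. It assumes that gitk is versioned together with the Git release it ships in (so `git --version` reports the relevant number), and it treats branches newer than 2.50 as already containing the fix, which is an assumption rather than something the advisory states.

```python
"""Check whether an installed gitk (shipped with Git) predates the CVE-2025-27613 fix."""
import re
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases per maintenance branch, as listed in the advisory.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (2, 43): (2, 43, 7),
    (2, 44): (2, 44, 4),
    (2, 45): (2, 45, 4),
    (2, 46): (2, 46, 4),
    (2, 47): (2, 47, 3),
    (2, 48): (2, 48, 2),
    (2, 49): (2, 49, 1),
    (2, 50): (2, 50, 1),
}
FIRST_AFFECTED: Version = (1, 7, 0)   # advisory: "Starting with 1.7.0"
OLDEST_FIX: Version = (2, 43, 7)      # oldest branch that received a fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """Pull major.minor.patch out of lines such as
    'git version 2.43.0.windows.1' or 'git version 2.39.5 (Apple Git-154)'."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def fixed_release_for(version: Version) -> Optional[Version]:
    """Return the fixed release the advisory names for this version's branch.
    Branches older than 2.43 have no fix of their own, so the oldest fixed
    release (2.43.7) is the upgrade target. Branches newer than 2.50 return
    None and are assumed to post-date the fix (assumption, not advisory text)."""
    branch = version[:2]
    if branch < (2, 43):
        return OLDEST_FIX
    return FIXED_BY_BRANCH.get(branch)


def is_affected(version: Version) -> bool:
    """True when the version lies in [1.7.0, fixed release for its branch)."""
    if version < FIRST_AFFECTED:
        return False
    fix = fixed_release_for(version)
    if fix is None:
        return False  # branch newer than 2.50: assumed to contain the fix
    return version < fix


def assess(version_text: str) -> Dict[str, object]:
    """Parse one 'git --version' line and report status plus upgrade target."""
    version = parse_version(version_text)
    if version is None:
        return {"version": None, "affected": None, "upgrade_to": None}
    fix = fixed_release_for(version)
    affected = is_affected(version)
    return {
        "version": ".".join(map(str, version)),
        "affected": affected,
        "upgrade_to": ".".join(map(str, fix)) if (fix and affected) else None,
    }


def installed_git_version() -> Optional[str]:
    """Read the version line of the git on PATH; gitk ships with it."""
    try:
        result = subprocess.run(["git", "--version"], capture_output=True,
                                text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return result.stdout.strip()


if __name__ == "__main__":
    # Constructed sample lines so the script demonstrates itself even without git installed.
    samples = [
        "git version 2.43.0",
        "git version 2.47.2.windows.1",
        "git version 2.39.5 (Apple Git-154)",
        "git version 2.50.1",
    ]
    live = installed_git_version()
    if live:
        samples.append(live)
    for line in samples:
        print(f"{line!r:45} -> {assess(line)}")
```

Run it on each developer workstation (or feed it the output of an inventory tool); any result with `affected` set to `True` names the release to move to, and a `None` verdict flags a version string the script could not parse and that should be inspected by hand.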
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-03-03T15:10:34.079Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686fd5b8a83201eaaca851ac
Added to database: 7/10/2025, 3:01:12 PM
Last enriched: 7/10/2025, 3:16:30 PM
Last updated: 7/10/2025, 4:34:54 PM
Related Threats
- CVE-2025-53371: CWE-400: Uncontrolled Resource Consumption in miraheze DiscordNotifications (Critical)
- CVE-2025-7410: SQL Injection in code-projects LifeStyle Store (Medium)
- CVE-2025-53020: CWE-401 Missing Release of Memory after Effective Lifetime in Apache Software Foundation Apache HTTP Server (High)
- CVE-2025-49812: CWE-287 Improper Authentication in Apache Software Foundation Apache HTTP Server (High)
- CVE-2025-49630: CWE-617 Reachable Assertion in Apache Software Foundation Apache HTTP Server (High)