CVE-2025-46334 is a high-severity OS command injection vulnerability affecting the j6t git-gui tool, a graphical user interface for Git source control management. The root cause lies in the way git-gui invokes certain executables, such as sh.exe or textconv filter programs like astextplain, on Windows systems. Due to a design characteristic of the Tcl scripting language on Windows, the search path for executables always includes the current working directory. This behavior allows a malicious Git repository to include and ship its own versions of these executables within the repository directory. When a user interacts with the git-gui interface by selecting options like Git Bash or Browse Files, the tool inadvertently executes these malicious binaries from the current directory instead of the intended system binaries. This improper neutralization of special elements in OS command execution (CWE-78) enables an attacker to execute arbitrary code with the privileges of the user running git-gui. The vulnerability affects multiple versions of git-gui prior to patched releases 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1. The CVSS 3.1 base score is 8.6, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity, no privileges required, but user interaction necessary. Although no known exploits are reported in the wild yet, the vulnerability presents a significant risk due to the common use of git-gui in development environments and the ease with which a malicious repository can be crafted to exploit this flaw.

For European organizations, this vulnerability poses a serious threat especially to software development teams and any users relying on git-gui on Windows platforms. Successful exploitation could lead to arbitrary code execution, allowing attackers to compromise source code integrity, exfiltrate sensitive intellectual property, or deploy malware within corporate networks. This could disrupt development workflows, lead to supply chain contamination, and potentially impact downstream software products. Confidentiality breaches could expose proprietary code or credentials stored in repositories. Integrity violations might result in backdoored code being committed or deployed. Availability could be affected if attackers deploy ransomware or destructive payloads. Given the widespread adoption of Git and git-gui in European enterprises, including government, finance, and technology sectors, the potential for lateral movement and escalation within networks is significant. The requirement for user interaction (opening a malicious repository and using affected git-gui features) means targeted phishing or social engineering campaigns could facilitate exploitation.

European organizations should immediately verify the versions of git-gui deployed across their Windows-based development environments and update to the fixed versions listed (2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1). Until updates are applied, users should avoid opening untrusted or unknown Git repositories with git-gui, especially avoiding the Git Bash or Browse Files menu options that trigger execution of external binaries. Implement strict repository source validation policies and educate developers about the risks of opening repositories from unverified sources. Employ endpoint protection solutions capable of detecting anomalous execution of binaries from repository directories. Consider restricting execution permissions on repository folders or running git-gui with least privilege principles. Additionally, integrate repository scanning tools that can detect suspicious files such as unexpected executables within repositories. Monitoring and alerting on unusual process executions originating from user directories can help detect exploitation attempts early.