CVE-2025-59046: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in ninofiliu interactive-git-checkout
The npm package `interactive-git-checkout` is an interactive command-line tool that lets users check out a git branch, prompting for the branch name on the command line. It is available as an npm package and can be installed via `npm install -g interactive-git-checkout`. Versions up to and including 1.1.4 of the `interactive-git-checkout` tool are vulnerable to command injection because the software passes the branch name to the `git checkout` command using the Node.js child process module's `exec()` function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-59046 is a critical command injection vulnerability affecting versions up to and including 1.1.4 of the npm package 'interactive-git-checkout', a command-line tool designed to facilitate git branch checkouts by prompting users for branch names interactively. The vulnerability arises due to improper neutralization of special elements in the user-supplied branch name input. Specifically, the tool uses Node.js's child process module's exec() function to invoke the 'git checkout' command, directly embedding the user input without adequate sanitization or validation. This allows an attacker to inject arbitrary shell commands by crafting malicious branch names, which are then executed with the privileges of the user running the tool. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command) and has a CVSS v3.1 base score of 9.8, indicating critical severity. The exploit requires no authentication or user interaction beyond supplying a malicious branch name, and the attack vector is network-based if the tool is used in environments where branch names can be influenced remotely (e.g., CI/CD pipelines or shared repositories). The flaw was fixed in commit 8dd832dd302af287a61611f4f85e157cd1c6bb41. No known exploits in the wild have been reported as of the publication date (September 9, 2025).
Potential Impact
For European organizations, the impact of this vulnerability can be severe, especially for those relying on 'interactive-git-checkout' in their development workflows or automation pipelines. Successful exploitation can lead to full system compromise on developer machines or build servers, resulting in unauthorized code execution, data theft, or disruption of software development processes. This can further lead to supply chain risks if compromised build environments produce malicious artifacts. Confidentiality, integrity, and availability of critical source code repositories and build infrastructure are at risk. Given the critical CVSS score and the ease of exploitation without authentication, organizations face a high risk of lateral movement and persistent footholds within their internal networks if this vulnerability is exploited. The risk is amplified in environments where developers or CI/CD systems run this tool with elevated privileges or on critical infrastructure.
Mitigation Recommendations
European organizations should immediately audit their development environments and CI/CD pipelines to identify usage of the 'interactive-git-checkout' npm package, especially versions <= 1.1.4. The primary mitigation is to upgrade to a fixed version of the package that includes the patch from commit 8dd832dd302af287a61611f4f85e157cd1c6bb41. If upgrading is not immediately feasible, organizations should restrict usage of the tool to trusted users and environments, and implement input validation or sanitization wrappers around the tool to prevent injection of malicious branch names. Additionally, running development tools with least privilege and isolating build environments can limit the blast radius of potential exploitation. Monitoring for unusual child process executions and command-line invocations related to git checkout commands can help detect exploitation attempts. Incorporating security scanning tools that detect vulnerable npm packages in the software supply chain is also recommended. Finally, educating developers about the risks of command injection and safe handling of user inputs in scripts and tools is essential.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-08T16:19:26.172Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c0af389ed239a66bad90df
Added to database: 9/9/2025, 10:50:32 PM
Last enriched: 9/17/2025, 1:11:39 AM
Last updated: 10/29/2025, 10:43:37 AM