CVE-2025-61659 is a medium-severity vulnerability affecting versions 2.6.1 through 2.7.1 of the bash-git-prompt project maintained by magicmonty. The vulnerability is categorized under CWE-377, which concerns insecure temporary file usage. Specifically, the bash-git-prompt insecurely creates and uses a temporary file named /tmp/git-index-private$$, where the '$$' represents the process ID. This naming scheme is predictable and does not sufficiently randomize the temporary filename, making it susceptible to race conditions such as symlink attacks or other forms of file manipulation by an attacker. Because the temporary file resides in a world-writable directory (/tmp) and has a predictable name, an attacker with local access could potentially create a symbolic link or replace the file before the legitimate process uses it, leading to unauthorized disclosure or modification of data, or even arbitrary code execution depending on how the file is used. The CVSS 3.1 base score is 6.8, reflecting a medium severity with low attack complexity and no required privileges or user interaction. The scope is changed (S:C), indicating that exploitation can affect resources beyond the initially vulnerable component. Confidentiality, integrity, and availability impacts are all rated low but present. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability highlights the importance of securely handling temporary files, such as using secure APIs or randomized filenames, to prevent predictable file-based attacks in Unix-like environments.

For European organizations, the impact of this vulnerability depends largely on the extent to which bash-git-prompt is used in their development or operational environments. Since bash-git-prompt is a tool primarily used by developers to enhance the shell prompt with Git repository information, the vulnerability mainly threatens systems where developers have local access. If exploited, an attacker could manipulate temporary files to gain unauthorized access to sensitive Git repository data or potentially escalate privileges by injecting malicious content. This could lead to leakage of intellectual property, source code tampering, or disruption of development workflows. In environments where continuous integration/continuous deployment (CI/CD) pipelines or automated scripts rely on bash-git-prompt, exploitation could affect software integrity and availability. Although the vulnerability requires local access and does not involve remote exploitation, insider threats or attackers who have gained initial footholds could leverage this to deepen their access. European organizations with strict data protection regulations (e.g., GDPR) must consider the confidentiality risks, as unauthorized disclosure of source code or proprietary information could lead to compliance violations and reputational damage.

To mitigate this vulnerability, organizations should first verify if they are using affected versions (2.6.1 through 2.7.1) of bash-git-prompt. If so, they should upgrade to a patched version once available or apply any vendor-provided fixes. In the absence of an official patch, users can mitigate risk by modifying the bash-git-prompt source code to use secure temporary file creation methods such as mkstemp() or similar APIs that generate unpredictable filenames and atomically create files. Additionally, restricting permissions on the /tmp directory or using dedicated temporary directories with stricter access controls can reduce the risk of symlink attacks. Organizations should also enforce the principle of least privilege, ensuring that only trusted users have local access to development systems. Monitoring for unusual file system activity in /tmp and auditing usage of bash-git-prompt can help detect exploitation attempts. Incorporating security training for developers about the risks of insecure temporary file handling is also recommended. Finally, integrating security checks into CI/CD pipelines to detect usage of vulnerable versions can prevent deployment of compromised environments.