This Red Hat security advisory addresses multiple vulnerabilities in Git and gitk components distributed with Red Hat Enterprise Linux 9. The vulnerabilities include CVE-2024-50349 (Git does not sanitize URLs when asking for credentials interactively), CVE-2024-52006 (newline confusion in credential helpers leading to credential exfiltration), CVE-2025-48384 (arbitrary code execution), CVE-2025-48385 (arbitrary file writes), CVE-2025-27613 and CVE-2025-27614 (gitk file creation and script execution flaws), and CVE-2025-46835 (Git GUI can create and overwrite files). These issues could allow attackers to exfiltrate credentials, execute arbitrary code, or overwrite files with user write permissions. The advisory covers multiple Red Hat Enterprise Linux 9 variants and architectures.

The vulnerabilities collectively pose a high security risk, including potential credential exfiltration, arbitrary code execution, and unauthorized file writes or overwrites. These impacts could compromise system integrity and confidentiality if exploited. However, there are no known exploits in the wild at the time of this advisory. The issues affect Git operations related to credential handling, file creation, and script execution within Git and gitk components.

Red Hat has released updated Git packages for Red Hat Enterprise Linux 9 that address all listed vulnerabilities. Users should apply these official updates promptly to remediate the issues. Detailed instructions for applying the update are available in the Red Hat advisory at https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation requires manual patching by system administrators. There are no indications that no action is required or that these are already mitigated without patching.