🔴 HIGH advisory

Git CVE-2025-48384 Exploited via Malicious Submodules and Hooks

Git CVE-2025-48384 is a parsing vulnerability allowing malicious .gitmodules files to perform arbitrary file writes that lead to command execution when repositories are cloned recursively. CrowdStrike observed exploitation campaigns using public Git repositories to deploy malicious hooks. This issue affects Git versions prior to 2.47.1. Users should upgrade and avoid cloning untrusted repositories with --recursive.

🎯 CORTEX Protocol Intelligence Assessment

Business Impact: Developer system compromise may lead to CI/CD supply chain risks.

Technical Context: Vulnerability in .gitmodules path parsing triggers arbitrary file writes leading to hook execution.

Strategic Intelligence Guidance

  • Upgrade Git to version 2.47.1 or higher immediately.
  • Avoid cloning untrusted repos using --recursive.
  • Review CI/CD configurations for submodule validation.
  • Monitor developer systems for unauthorized hooks.
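
The last two items can be checked with a short audit script. The following is an added example, not part of the original advisory or of Git itself: it flags submodule `path` values in a `.gitmodules` file that look unsafe and lists active hook files under any `.git` directory, including submodule git dirs. The function names, the sample data and the heuristics for what counts as unsafe are assumptions of this example.

```python
import os
import re
import stat

PATH_LINE = re.compile(rb"^[ \t]*path[ \t]*=[ \t]*(.*)$", re.M | re.I)
CONTROL = re.compile(rb"[\x00-\x1f\x7f]")

def suspicious_submodule_paths(gitmodules: bytes) -> list:
    """Return raw `path` values from .gitmodules bytes that look unsafe."""
    flagged = []
    for m in PATH_LINE.finditer(gitmodules):
        raw = m.group(1).rstrip(b" \t")
        if raw.endswith(b"\r"):  # CRLF line ending, not part of the value
            raw = raw[:-1].rstrip(b" \t")
        value = raw.strip(b'"')
        # Assumed heuristics: control bytes, backslashes (config escapes),
        # absolute paths and '..' components never belong in a submodule path.
        if (CONTROL.search(value) or b"\\" in value
                or value.startswith(b"/") or b".." in value.split(b"/")):
            flagged.append(raw)
    return flagged

def active_hooks(root: str) -> list:
    """List executable, non-.sample files in any hooks/ dir below a .git dir,
    which includes submodule git dirs under .git/modules/<name>/hooks."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        parts = dirpath.split(os.sep)
        if parts[-1] != "hooks" or ".git" not in parts:
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            # lstat: a symlinked hook is reported rather than followed
            if not name.endswith(".sample") and os.lstat(full).st_mode & stat.S_IXUSR:
                found.append(os.path.relpath(full, root))
    return sorted(found)

# Constructed sample: one ordinary entry, one whose quoted path ends in a CR.
SAMPLE_GITMODULES = (
    b'[submodule "lib"]\n\tpath = vendor/lib\n\turl = https://example.invalid/lib.git\n'
    b'[submodule "odd"]\n\tpath = "vendor/odd\r"\n\turl = https://example.invalid/odd.git\n')

if __name__ == "__main__":
    for value in suspicious_submodule_paths(SAMPLE_GITMODULES):
        print("suspicious submodule path:", value)
    for hook in active_hooks("."):
        print("active hook:", hook)
```

Any hook it reports should be compared against the hooks the team installed deliberately; the script only lists candidates and does not judge their content.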

CVEs

CVE-2025-48384

Vendors

Git

Threats

Supply Chain Attack

Targets

Developers

CI/CD Pipelines