Important: git-lfs security update

🗓️ 22 Dec 2025 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 4 Views

Git LFS security update fixes arbitrary file writes via crafted symlinks (CVE-2025-26625).

Reporter	Title	Published	Views	Family All 131
Tenable Nessus	Amazon Linux 2023 : git-lfs (ALAS2023-2025-1258)	11 Nov 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0001: git-lfs (ALINUX3-SA-2026:0001)	7 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : git-lfs (ALSA-2025:23667)	23 Dec 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : git-lfs (ALSA-2025:23744)	23 Dec 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : git-lfs (ALSA-2025:23745)	22 Dec 202500:00	–	nessus
Tenable Nessus	Debian dla-4610 : git-lfs - security update	1 Jun 202600:00	–	nessus
Tenable Nessus	Fedora 41 : git-lfs (2025-5872b9ec46)	29 Oct 202500:00	–	nessus
Tenable Nessus	Fedora 43 : git-lfs (2025-7dfe24dbaa)	29 Oct 202500:00	–	nessus
Tenable Nessus	Fedora 42 : git-lfs (2025-f8d1e1df04)	29 Oct 202500:00	–	nessus
Tenable Nessus	MiracleLinux 8 : git-lfs-3.4.1-6.el8_10 (AXSA:2025-11615:08)	13 Jan 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	9	ppc64le	git-lfs	3.6.1-4.el9_7	git-lfs-3.6.1-4.el9_7.ppc64le.rpm
almalinux	9	s390x	git-lfs	3.6.1-4.el9_7	git-lfs-3.6.1-4.el9_7.s390x.rpm
almalinux	9	x86_64	git-lfs	3.6.1-4.el9_7	git-lfs-3.6.1-4.el9_7.x86_64.rpm
almalinux	9	aarch64	git-lfs	3.6.1-4.el9_7	git-lfs-3.6.1-4.el9_7.aarch64.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2025:23744
access	www.access.redhat.com/security/cve/CVE-2025-26625
bugzilla	www.bugzilla.redhat.com/2404720
errata	www.errata.almalinux.org/9/ALSA-2025-23744.html

22 Dec 2025 12:38Current

7.1High risk

Vulners AI Score7.1

CVSS 48.6

EPSS0.0007

SSVC

git lfs security update arbitrary file write crafted symlinks cve 2025 26625