The vulnerability of the git-upload-pack method of the go-git library allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.

🗓️ 13 Jan 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

The go-git git-upload-pack vulnerability allows attackers to modify arguments and compromise data confidentiality, integrity, and access.

Reporter	Title	Published	Views	Family All 238
IBM Security Bulletins	Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.	4 Mar 202505:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.3	7 Oct 202516:08	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.	15 Sep 202507:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	11 Jun 202501:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]	1 May 202520:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to PAM, go-git and Golang.org/X/Crypto	27 Feb 202503:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]	27 Feb 202517:16	–	ibm
Tenable Nessus	Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-824)	5 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : amazon-ssm-agent (ALAS-2025-2739)	4 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0013: grafana (ALINUX3-SA-2025:0013)	14 May 202500:00	–	nessus

Vulners

Node

red_hat red_hat_advanced_cluster_management_for_kubernetesMatch2

red_hat red_hat_openshift_container_platformMatch4

red_hat red_hat_openstack_platformMatch16.2

red_hat red_hat_openshift_virtualizationMatch4

red_hat red_hat_openstack_platformMatch17.1

red_hat red_hat_advanced_cluster_securityMatch4

red_hat red_hat_ceph_storageMatch7

github go-gitRange<5.13.0

red_hat red_hat_enterprise_linuxMatch8

red_hat red_hat_enterprise_linuxMatch9

Source	Link
github	www.github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
access	www.access.redhat.com/security/cve/cve-2025-21613
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-21613
redos	www.redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-go-git-cve-2025-21613/
web	www.web.nvd.nist.gov/view/vuln/detail

01 Aug 2025 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 39.8

CVSS 210

EPSS0.0124