Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625) For more detai...
RHEL 9 : git-lfs (RHSA-2025:23744)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23744 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...
Oracle Linux 9 : git-lfs (ELSA-2025-23744)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-23744 advisory. - Backport fix for CVE-2025-26625 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
RHEL 8 : git-lfs (RHSA-2025:23745)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23745 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...
git-lfs security update
3.6.1-4 - Backport fix for CVE-2025-26625 - Resolves: RHEL-122431...
git-lfs security update
3.4.1-6 - Backport CVE-2025-26625 fixes - Resolves: RHEL-122423...
RLSA-2025:23667 Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625) For more detai...
CVE-2025-68398
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
RHSA-2025:23667 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 10 : git-lfs (ELSA-2025-23667)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-23667 advisory. 3.6.1-4 - Backport fix for CVE-2025-26625 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the GIT_SSH_COMMAND command. An attacker can execute arbitrary code and gain full control over the system by remotely overwriting configuration files. Remediation: Upgrade Weblate to version 5.15.1 or higher...
EUVD-2025-204419
Weblate is vulnerable to RCE through Git config file overwrite...
GHSA-8VCG-CFXJ-P5M3 Weblate is vulnerable to RCE through Git config file overwrite
Impact: It was possible to overwrite Git configuration remotely and override some of its behavior. Resources: Thanks to Jason Marcello for responsible disclosure...
Weblate is vulnerable to RCE through Git config file overwrite
Impact: It was possible to overwrite Git configuration remotely and override some of its behavior. Resources: Thanks to Jason Marcello for responsible disclosure...
CVE-2025-68398
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
CVE-2025-68398 Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
CVE-2025-68398
Weblate is affected by a remote Git configuration overwrite vulnerability in versions prior to 5.15.1. The issue allows an attacker to overwrite Git config remotely and override behavior, with SNYK detailing an Arbitrary File Upload via GIT_SSH_COMMAND that can lead to remote code execution; Red ...
CVE-2025-68398 Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
CVE-2025-68144
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...
CVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...