Security Updates for Microsoft Visual Studio Products (October 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. CVE-2025-55240 - Inadequate encryption strength in .NET,...

GitHub: CVE-2025-46835 Git File Overwrite Vulnerability

CVE-2025-46835 is regarding a vulnerability in Git GUI where when a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file. GitHub created this CVE on their behalf...

GitHub: CVE-2025-27613 Gitk Arguments Vulnerability

CVE-2025-27613 is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of thi...

GitHub: CVE-2025-48386 Git Credential Helper Vulnerability

CVE-2025-48386 is regarding a vulnerability in Git where the wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending...

GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability

CVE-2025-46334 is regarding a vulnerability in Git GUI Windows only where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects...