High severity8.6NVD Advisory· Published Jul 10, 2025· Updated Jun 17, 2026
CVE-2025-27614
CVE-2025-27614
Description
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
48- osv-coords47 versionspkg:rpm/almalinux/gitpkg:rpm/almalinux/git-allpkg:rpm/almalinux/git-corepkg:rpm/almalinux/git-core-docpkg:rpm/almalinux/git-credential-libsecretpkg:rpm/almalinux/git-daemonpkg:rpm/almalinux/git-emailpkg:rpm/almalinux/git-guipkg:rpm/almalinux/git-instawebpkg:rpm/almalinux/gitkpkg:rpm/almalinux/git-subtreepkg:rpm/almalinux/git-svnpkg:rpm/almalinux/gitwebpkg:rpm/almalinux/perl-Gitpkg:rpm/almalinux/perl-Git-SVNpkg:rpm/opensuse/git&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/git&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/git-lfs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/obs-scm-bridge&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-PyYAML&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/git&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/git&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/git&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/git&distro=SUSE%20Manager%20Proxy%20LTS%204.3pkg:rpm/suse/git&distro=SUSE%20Manager%20Server%20LTS%204.3pkg:rpm/suse/git-lfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/git-lfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/obs-scm-bridge&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/obs-scm-bridge&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/python-PyYAML&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-PyYAML&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7
< 2.47.3-1.el9_6+ 46 more
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.47.3-1.el9_6
- (no CPE)range: < 2.51.0-150600.3.12.1
- (no CPE)range: < 2.50.1-1.1
- (no CPE)range: < 3.7.0-150600.13.3.1
- (no CPE)range: < 0.7.4-150600.14.4.1
- (no CPE)range: < 6.0.2-150600.10.3.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.51.0-150600.3.12.1
- (no CPE)range: < 2.51.0-150600.3.12.1
- (no CPE)range: < 2.51.0-150600.3.12.1
- (no CPE)range: < 2.51.0-150600.3.12.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.51.0-1.1
- (no CPE)range: < 2.51.0-slfo.1.1_1.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 2.43.7-150300.10.51.1
- (no CPE)range: < 3.7.0-150600.13.3.1
- (no CPE)range: < 3.7.0-150600.13.3.1
- (no CPE)range: < 0.7.4-150600.14.4.1
- (no CPE)range: < 0.7.4-150600.14.4.1
- (no CPE)range: < 6.0.2-150600.10.3.1
- (no CPE)range: < 6.0.2-150600.10.3.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.