CVE-2025-66413 | THREATINT

Description

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).

PUBLISHED Reserved 2025-11-28 | Published 2026-03-10 | Updated 2026-03-11 | Assigner GitHub_M

HIGH: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

< 2.53.0(2)

affected

References

github.com/...ws/git/security/advisories/GHSA-hv9c-4jm9-jh3x

github.com/...for-windows/git/releases/tag/v2.53.0.windows.2

cve.org (CVE-2025-66413)

nvd.nist.gov (CVE-2025-66413)

Download JSON