Git Carriage Return Vulnerability Enables Remote Code Execution

Figure 1: Visual representation of the BeyondTrust vulnerability chain

David Leadbeater discovered the vulnerability while researching Git's handling of special characters in configuration values. On July 8, 2025, he published a comprehensive technical analysis at dgl.cx detailing the attack vector and exploitation mechanics.

The vulnerability stems from Git's parsing of submodule URLs in the .gitmodules file. When a URL contains a carriage return character (ASCII 0x0D), Git's configuration parser interprets subsequent content as new configuration directives. Attackers can inject arbitrary configuration values, including those that trigger code execution.

Git's configuration system supports several directives that execute external commands. The core.sshCommand directive, for example, specifies the command used for SSH operations. By injecting a malicious core.sshCommand value through the carriage return exploit, attackers can execute arbitrary code when Git attempts SSH operations during submodule cloning.

The Hacker News discussion thread accumulated over 370 points within hours of publication, with security researchers and Git users discussing the implications and mitigation strategies.

Leadbeater's writeup provides technical evidence supporting the vulnerability claims:

Exploitation Mechanism: The .gitmodules file can contain a submodule URL like [email protected]:user/repo\r\n[core]\n\tsshCommand = malicious_command. When Git parses this URL, the carriage return causes the parser to treat subsequent content as new configuration sections.

Attack Vector: The attack requires a victim to clone a malicious repository with the --recursive flag or to manually initialize submodules. The malicious configuration takes effect during the submodule clone operation.

Proof of Concept: Leadbeater provided working proof-of-concept code demonstrating code execution on Linux systems. The PoC creates a repository that executes a calculator application when cloned, proving arbitrary command execution.

Affected Versions: The vulnerability affects Git versions that do not sanitize carriage return characters in configuration values. Specific version numbers depend on when patches were applied to each distribution's Git packages.

CVSS Score: The vulnerability received a critical severity rating due to the remote code execution capability and the common usage pattern of cloning repositories with submodules.

Figure 2: How the authentication bypass vulnerability works

The disclosure provides several benefits to the security community:

Responsible Disclosure: Leadbeater followed responsible disclosure practices, giving Git maintainers time to prepare patches before public disclosure. Organizations had the opportunity to update before widespread exploitation.

Educational Value: The detailed technical writeup serves as educational material for developers working on configuration parsers. The vulnerability illustrates the dangers of insufficient input sanitization in security-sensitive contexts.

Defense Improvement: The disclosure prompted review of similar parsing vulnerabilities in Git and related tools. Security researchers can apply the same analysis techniques to identify comparable issues.

The vulnerability presents significant risks:

Wide Attack Surface: Git is installed on millions of developer machines and CI/CD systems worldwide. Any system that clones untrusted repositories faces potential compromise.

Silent Exploitation: The attack executes during normal Git operations without obvious indicators. Users may not realize their systems have been compromised.

Supply Chain Risk: Attackers could compromise legitimate repositories by adding malicious submodules. Downstream users cloning these repositories would be affected.

Patch Deployment Lag: Enterprise environments often lag behind security patches. Systems running older Git versions remain vulnerable until updated.

CI/CD Exposure: Automated build systems that clone external repositories represent high-value targets. Compromising a CI/CD system can lead to supply chain attacks affecting all software built by that system.

Figure 3: Privilege escalation from user to SYSTEM level

Understanding the vulnerability requires knowledge of Git's configuration system and submodule handling.

Git Configuration Parsing: Git uses a text-based configuration format with sections denoted by square brackets and key-value pairs. The parser reads configuration files line by line, with newline characters separating entries.

Carriage Return Handling: The vulnerability exploits the difference between carriage return (CR, 0x0D) and line feed (LF, 0x0A) characters. While Git's parser treats LF as a line separator, it did not properly handle CR characters embedded in values.

Submodule URLs: The .gitmodules file specifies URLs for submodules. When Git clones a repository with submodules, it reads these URLs and clones each submodule from the specified location.

Configuration Injection: By embedding CR characters in a submodule URL, attackers can inject arbitrary configuration directives. The parser interprets content after the CR as new configuration lines, allowing injection of dangerous settings.

Technical Context (Optional): The core.sshCommand directive specifies the command Git uses for SSH operations. When set to a malicious value, any Git operation involving SSH triggers code execution. Other exploitable directives include core.pager and credential helpers. The attack works because Git applies configuration from .gitmodules during submodule operations, and the injected configuration takes precedence over user settings.

CVE-2025-48384 raises concerns about configuration parsing security across the software industry.

Parser Security: Configuration parsers in many applications may have similar vulnerabilities. The Git vulnerability demonstrates that even mature, widely-audited software can contain subtle parsing flaws.

Trust Model Questions: The vulnerability challenges assumptions about repository trust. Cloning a repository has traditionally been considered a read-only operation, but this vulnerability shows that cloning can execute arbitrary code.

Supply Chain Security: Software supply chain security continues to face challenges. Attackers can potentially compromise widely-used repositories to affect downstream users.

CI/CD Security Practices: Organizations may need to reconsider how CI/CD systems handle external repositories. Sandboxing, restricted permissions, and careful repository vetting become more important.

Confirmed:

• CVE-2025-48384 assigned to this vulnerability
• Carriage return characters in submodule URLs enable configuration injection
• Remote code execution demonstrated through proof-of-concept
• Vulnerability disclosed on July 8, 2025
• Git maintainers notified prior to public disclosure

Unconfirmed or Unclear:

• Extent of exploitation in the wild prior to disclosure
• Complete list of affected Git versions across all distributions
• Whether similar vulnerabilities exist in Git forks or compatible implementations
• Timeline for patch availability across all package managers

Several developments will clarify the vulnerability's impact:

Patch Releases: Monitor Git releases and distribution package updates for security patches addressing CVE-2025-48384.

Exploitation Reports: Security monitoring services may report attempted exploitation of this vulnerability in the wild.

Related Vulnerabilities: Security researchers may discover similar parsing vulnerabilities in Git or related tools following this disclosure.

CI/CD Security Guidance: Major CI/CD platforms may issue guidance on protecting build systems from this class of vulnerability.

Git Hardening: The Git project may implement additional input sanitization or configuration restrictions to prevent similar vulnerabilities.