Summary
Git for Windows before 2.53.0(2) could leak the current user's NTLM credential material when cloning from an attacker-controlled server: a malicious HTTP(S) remote that answers the clone with an NTLM challenge receives the client's NTLM response (the Net-NTLM "hash"), which the attacker can brute-force offline to recover the password. What crosses the wire is the challenge-response, not the raw NT hash, so the attack is offline cracking rather than pass-the-hash. The issue is fixed in 2.53.0(2), which disables NTLM authentication by default.
Why Planned Fix?
- No authentication required
- Deployment unknown
- User interaction needed (the victim has to clone from the attacker's URL)
- Exploitable in default configuration (NTLM authentication was enabled by default before 2.53.0(2); the fix is precisely to turn it off by default)
- No active exploitation or PoC
- Not a high impact vulnerability
Exploitation Details
Type: Unknown
Exploitable with default configuration? Yes (NTLM authentication was enabled by default before 2.53.0(2))
Authentication needed? No
PoC / Exploit: No
Impact
Disclosure of the user's NTLM challenge-response (the Net-NTLM hash) to the remote server. Unlike the NT hash itself it cannot be used directly for pass-the-hash, but it can be brute-forced offline against password guesses; a recovered Windows or domain password then compromises everything that account can reach, not only Git.
Exploitation Requirements
- Git for Windows older than 2.53.0(2), with NTLM authentication left at its then-default (enabled) setting
- An HTTP(S) server under the attacker's control
- The victim running `git clone` (or another fetch over HTTP(S)) against a URL on that server
Exploitation Process
The victim clones from the attacker's HTTP(S) URL. The server answers the request with an NTLM challenge; the affected Git for Windows completes the NTLM exchange and the server records the client's response together with the challenge it issued. The attacker then brute-forces the recorded response offline against password candidates.
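To make concrete what "the NTLM hash" in the impact description actually is, the following added example (not code from Git for Windows or its advisory) decodes an NTLM Type 3 AUTHENTICATE_MESSAGE, the message the client sends after the server's challenge, and formats the NTLMv2 response in it as a hashcat mode 5600 line. The sample message is constructed here from made-up bytes (a fake NTProofStr, a zeroed client blob, an arbitrary server challenge) so the decoder runs offline; no real credential is involved.

```python
"""Decode what an NTLM client sends to a server: the Type 3 AUTHENTICATE_MESSAGE
([MS-NLMP] 2.2.1.3). Added example for this page; not code from Git for Windows.
The sample message is constructed with made-up bytes, not derived from any password.
"""
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_NEGOTIATE_NTLM = 0x00000200
NTLMSSP_NEGOTIATE_VERSION = 0x02000000
# signature+type (12) + six Len/MaxLen/Offset descriptors (48) + flags (4) + Version (8) + MIC (16)
HEADER_LEN = 88


def _payload(buf: bytes, desc_offset: int) -> bytes:
    """Resolve one Len/MaxLen/Offset field descriptor to its payload bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, desc_offset)
    if offset + length > len(buf):
        raise ValueError("field descriptor points outside the message")
    return buf[offset:offset + length]


def parse_type3(msg: bytes) -> dict:
    """Extract user, domain, workstation and both challenge responses."""
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"
    return {
        "lm_response": _payload(msg, 12),
        "nt_response": _payload(msg, 20),
        "domain": _payload(msg, 28).decode(enc),
        "user": _payload(msg, 36).decode(enc),
        "workstation": _payload(msg, 44).decode(enc),
        "flags": flags,
    }


def hashcat_5600(parsed: dict, server_challenge: bytes) -> str:
    """Format a NetNTLMv2 response as a hashcat -m 5600 line.
    The server challenge comes from the Type 2 message; a capturing server knows it
    because it chose it. The NT response is NTProofStr (16 bytes) + client blob."""
    nt = parsed["nt_response"]
    if len(nt) <= 24:
        raise ValueError("24-byte NT response is NTLMv1 (hashcat -m 5500), not NTLMv2")
    ntproofstr, blob = nt[:16], nt[16:]
    return f"{parsed['user']}::{parsed['domain']}:{server_challenge.hex()}:{ntproofstr.hex()}:{blob.hex()}"


def build_type3(user: str, domain: str, workstation: str, nt_response: bytes,
                lm_response: bytes = bytes(24)) -> bytes:
    """Assemble a Type 3 message; used here only to produce the constructed sample."""
    enc = "utf-16-le"
    fields = [lm_response, nt_response, domain.encode(enc), user.encode(enc),
              workstation.encode(enc), b""]  # no encrypted session key
    header = bytearray(b"NTLMSSP\x00" + struct.pack("<I", 3))
    payload, offset = b"", HEADER_LEN
    for f in fields:
        header += struct.pack("<HHI", len(f), len(f), offset)
        payload += f
        offset += len(f)
    header += struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION)
    header += bytes(8) + bytes(16)  # Version and MIC, zeroed in this constructed sample
    return bytes(header) + payload


# Constructed sample: the shape of an NTLMv2 response (NTProofStr + client blob)
# filled with arbitrary bytes. Nothing here is derived from a real password.
FAKE_NTPROOFSTR = bytes.fromhex("00112233445566778899aabbccddeeff")
FAKE_BLOB = (b"\x01\x01" + bytes(6)               # RespType, HiRespType, reserved
             + bytes(8)                           # timestamp
             + bytes.fromhex("aabbccddeeff0011")  # client challenge
             + bytes(4)                           # reserved
             + bytes(4)                           # AV_PAIR list: MsvAvEOL only
             + bytes(4))                          # trailing reserved
SERVER_CHALLENGE = bytes.fromhex("1122334455667788")  # constructed Type 2 challenge
SAMPLE_TYPE3 = build_type3("alice", "CORP", "WS01", FAKE_NTPROOFSTR + FAKE_BLOB)

if __name__ == "__main__":
    p = parse_type3(SAMPLE_TYPE3)
    print(f"{p['domain']}\\{p['user']} from {p['workstation']}")
    print(hashcat_5600(p, SERVER_CHALLENGE))
```

The decoded fields are what a capturing server logs: the account name and domain in clear text, the workstation name, and the NTLMv2 response. Only the response plus the server's own challenge is needed to start guessing passwords offline, which is why a single unsolicited clone is enough.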
Detection Resources
Manual detection: 0
Script detection: 0
Scanner detection: 0
Affected Software
Vendor: GitHub, Inc.
| Product | Affected Versions |
|---|---|
| Git for Windows | < 2.53.0(2) |
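To check an installation against the version range above, the following added example (not code from the Git for Windows project) parses the output of `git --version` and compares it with 2.53.0(2). It assumes the `X.Y.Z.windows.N` form that Git for Windows prints, in which the Windows build number N corresponds to the parenthesised number in release names (2.53.0(2) is the tag v2.53.0.windows.2 linked on this page). Builds without the `.windows.N` suffix are rejected rather than classified, since the advisory only covers the Windows port.

```python
"""Classify a Git for Windows version string against the fixed release 2.53.0(2).
Added example for this page; not code from the Git for Windows project.
Assumes the "git version X.Y.Z.windows.N" output format of Git for Windows.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# First release with NTLM authentication disabled by default (tag v2.53.0.windows.2).
FIXED = (2, 53, 0, 2)

# Release candidates ("2.53.0-rc2.windows.1") are accepted and compared by their
# release numbers, so an rc of 2.53.0 counts as older than 2.53.0(2).
_VERSION_RE = re.compile(
    r"git version (\d+)\.(\d+)\.(\d+)(?:-rc\d+)?(?:\.windows\.(\d+))?"
)


def parse_git_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, patch, windows_build) from `git --version` output."""
    m = _VERSION_RE.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    if m.group(4) is None:
        raise ValueError("not a Git for Windows build (no '.windows.N' suffix)")
    return tuple(int(g) for g in m.groups())  # type: ignore[return-value]


def is_affected(text: str) -> bool:
    """True when the build is older than 2.53.0(2), i.e. NTLM still enabled by default."""
    return parse_git_version(text) < FIXED


def installed_git_version() -> Optional[str]:
    """Run the git on PATH and return its version banner, or None if git is absent."""
    git = shutil.which("git")
    if git is None:
        return None
    return subprocess.run([git, "--version"], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    banner = installed_git_version()
    if banner is None:
        print("git not found on PATH")
    else:
        try:
            verdict = "AFFECTED, upgrade to 2.53.0(2) or later" if is_affected(banner) else "fixed"
        except ValueError as exc:
            verdict = str(exc)
        print(banner.strip(), "->", verdict)
```

Run it on each Windows host or bake `is_affected` into an inventory script; the comparison is a plain tuple ordering, so 2.53.0(1) is reported as affected while 2.53.0(2) and every later release pass.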
Description
Git for Windows is the Windows port of Git.
Deployment: —
Protocol: HTTP/HTTPS (NTLM is negotiated as HTTP authentication on the clone request)
Ports: 80, 443 (9418 is also listed by the tracker, but the git:// protocol on that port carries no authentication exchange and is not a path for this issue)
Affected Component: NTLM authentication leakage during git clone from attacker-controlled server
References (2):
1. https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.2
2. https://github.com/git-for-windows/git/security/advisories/GHSA-hv9c-4jm9-jh3x
Enterprise Usage: estimated likelihood that this vendor/product is deployed in enterprise environments (AI-generated estimate based on market presence, product type and adoption signals, not exact data).
Vendor Size: Medium
Remediation
Workaround: Not available
Patch: Included in Git for Windows 2.53.0(2) (release v2.53.0.windows.2), which disables NTLM authentication by default
Update: Upgrade Git for Windows to 2.53.0(2) or later
Threat Intelligence
EPSS: data unavailable
CISA KEV: Not listed
Active exploitation: No evidence
Threat actors: No known threat actors
Detection rules: None available
NVD Data
CVSS Base Score: 7.4 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
| Metric | Value |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | None |
| User Interaction (UI) | Required |
| Scope (S) | Changed |
| Confidentiality (C) | High |
| Integrity (I) | None |
| Availability (A) | None |
UI:R reflects that the victim must run the clone; S:C reflects that the leaked credential belongs to the Windows account, not to Git, so the impact lands outside the vulnerable component.
Affected Software (CPE) (1)
- cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*
Priority History
- Planned Fix (initial analysis)