Vulnerability Details CVE-2025-66413
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.8%
CVSS Severity
CVSS v3 Score 7.4
References
Products affected by CVE-2025-66413
-
cpe:2.3:a:gitforwindows:git:-
-
cpe:2.3:a:gitforwindows:git:2.17.1
-
cpe:2.3:a:gitforwindows:git:2.34.1
-
cpe:2.3:a:gitforwindows:git:2.37.1