A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-11-04
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-04
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-09-15
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-09-15
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-09-15
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-09-15
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Known exploited
CVSS Score
8.0
EPSS Score
0.036
Published
2025-07-08
This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-31
The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-31
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-10-28
Page 1