CVE-2025-66413

ADVISORY - nist

Summary

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).

EPSS Score⁠: 0.00036 (0.106)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

CWE-307⁠

Improper Restriction of Excessive Authentication Attempts

Impacted images

Advisories

NIST

CREATED

1 month ago

UPDATED

5 hours ago

ADVISORY IDCVE-2025-66413⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-200⁠CWE-307⁠

CVSS SCORE

7.4high

Alpine

CREATED

3 hours ago

UPDATED

30 seconds ago

ADVISORY IDCVE-2025-66413⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY