CVE-2025-22620

Date: January 20, 2025

gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations.
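The difference between the two ways of applying a mode, as an added example that is not gix-worktree-state's code: a mode passed at file creation is filtered by the umask, while a mode passed to chmod is applied literally. It assumes the strategy that bypasses the umask is an explicit chmod on an already-created file; the function names, scratch paths and the derived-mode mitigation are illustrative assumptions, not the project's fix.

```rust
use std::fs::{self, OpenOptions, Permissions};
use std::io;
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Permission bits (lower 9 bits) currently set on `path`.
fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Create a fresh file requesting `mode`; the kernel clears the umask bits.
fn create_with_mode(path: &Path, mode: u32) -> io::Result<u32> {
    let _ = fs::remove_file(path);
    OpenOptions::new().write(true).create_new(true).mode(mode).open(path)?;
    mode_of(path)
}

/// Risky pattern: chmod takes the mode literally, so 0o777 stays 0o777.
fn chmod_literal(path: &Path) -> io::Result<u32> {
    fs::set_permissions(path, Permissions::from_mode(0o777))?;
    mode_of(path)
}

/// Safer pattern (assumed mitigation): keep the existing bits, which were
/// umask-filtered at creation, and add execute only where read is set.
fn chmod_derived(path: &Path) -> io::Result<u32> {
    let current = mode_of(path)?;
    let wanted = current | ((current & 0o444) >> 2);
    fs::set_permissions(path, Permissions::from_mode(wanted))?;
    mode_of(path)
}

/// Constructed scratch path under the system temp directory.
fn scratch(name: &str) -> PathBuf {
    std::env::temp_dir().join(format!("umask-demo-{}-{}", std::process::id(), name))
}

fn main() -> io::Result<()> {
    let (a, b, c) = (scratch("open"), scratch("literal"), scratch("derived"));
    println!("open(0777):     {:04o}", create_with_mode(&a, 0o777)?);
    create_with_mode(&b, 0o666)?;
    println!("chmod(0777):    {:04o}", chmod_literal(&b)?);
    create_with_mode(&c, 0o666)?;
    println!("chmod(derived): {:04o}", chmod_derived(&c)?);
    for p in [&a, &b, &c] { fs::remove_file(p)?; }
    Ok(())
}
```

To audit an existing checkout for the symptom, `find . -type f -perm -0002` lists regular files that are world-writable.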

Severity Score

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

Function Call With Incorrectly Specified Argument Value

CWE-687

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE
