Home > Vulnerability Database > CVE-2025-22620

Mend.io Vulnerability Database

CVE-2025-22620

Date: January 20, 2025

gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations.

Severity Score

5.0

Related Resources (6)

Url: https://github.com/GitoxideLabs/gitoxide

Url: https://rustsec.org/advisories/RUSTSEC-2025-0001.html

Url: https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-fqmf-w4xh-33rh

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-22620

Url: https://crates.io/crates/gix-worktree-state

Url: https://www.mend.io/vulnerability-database/CVE-2025-22620

Severity Score

5.0

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

Function Call With Incorrectly Specified Argument Value

CWE-687

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-22620

Date: January 20, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?