Home > Vulnerability Database > CVE-2025-59046

Mend.io Vulnerability Database

CVE-2025-59046

Good to know:

Date: September 9, 2025

The npm package "interactive-git-checkout" is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via "npm install -g interactive-git-checkout". Versions up to and including 1.1.4 of the "interactive-git-checkout" tool are vulnerable to a command injection vulnerability because the software passes the branch name to the "git checkout" command using the Node.js child process module's "exec()" function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.

Severity Score

6.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59046

Url: https://github.com/ninofiliu/interactive-git-checkout/security/advisories/GHSA-4wcm-7hjf-6xw5

Url: https://github.com/ninofiliu/interactive-git-checkout/commit/8dd832dd302af287a61611f4f85e157cd1c6bb41

Url: https://www.mend.io/vulnerability-database/CVE-2025-59046

Severity Score

6.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version interactive-git-checkout - null;https://github.com/ninofiliu/interactive-git-checkout.git - null

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59046

Good to know:

Date: September 9, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?