Security Advisories

CVE-2025-22620

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-22620

CGA ID

CGA-4vwp-c7cq-2f9w

Severity

Unknown

Description

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0.
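
The general mechanism behind this class of bug, as an added example that is not gitoxide's code: a mode passed when a file is created is filtered by the umask, while a later chmod(2) is applied verbatim. The function names, the scratch directory and the umask of 022 are assumptions for illustration, the page does not say which call gix-worktree-state used, and the third function is one possible safer pattern, not necessarily the project's fix.

```rust
use std::fs::{self, OpenOptions, Permissions};
use std::io;
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

// Assumption: Linux, where mode_t is u32; umask(2) is declared directly from libc.
extern "C" {
    fn umask(mask: u32) -> u32;
}
fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o7777)
}

/// 0777 requested at creation time: the kernel clears the umask bits.
fn create_with_mode(path: &Path) -> io::Result<u32> {
    OpenOptions::new().write(true).create_new(true).mode(0o777).open(path)?;
    mode_of(path)
}

/// Risky pattern: chmod to 0777 after creation. chmod ignores the umask.
fn create_then_chmod(path: &Path) -> io::Result<u32> {
    OpenOptions::new().write(true).create_new(true).open(path)?;
    fs::set_permissions(path, Permissions::from_mode(0o777))?;
    mode_of(path)
}

/// Safer: add an execute bit only where a read bit survived the umask.
fn create_then_add_exec(path: &Path) -> io::Result<u32> {
    OpenOptions::new().write(true).create_new(true).open(path)?;
    let mode = mode_of(path)?;
    fs::set_permissions(path, Permissions::from_mode(mode | ((mode & 0o444) >> 2)))?;
    mode_of(path)
}

/// Runs all three under umask 022 in a scratch directory (constructed input).
fn demo() -> io::Result<(u32, u32, u32)> {
    let dir = std::env::temp_dir().join(format!("umask-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let old = unsafe { umask(0o022) };
    let (a, b) = (create_with_mode(&dir.join("a")), create_then_chmod(&dir.join("b")));
    let c = create_then_add_exec(&dir.join("c"));
    unsafe { umask(old) }; // restore the caller's umask before reporting errors
    fs::remove_dir_all(&dir)?;
    Ok((a?, b?, c?))
}

fn main() {
    println!("{:?}", demo().map(|(a, b, c)| format!("{a:o} {b:o} {c:o}")));
}
```

Only the chmod variant leaves the group and other write bits set, which is the world-writable outcome the description refers to.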

References

  • https://images.chainguard.dev/security/CGA-4vwp-c7cq-2f9w

Affected packages

