N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-26625

GHSA ID

GHSA-6pvw-g552-53c5

EPSS Score

CWE

CWE-59

Published

10/17/2025

Updated

10/17/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-26625

CVE-2025-26625: Git LFS may write to arbitrary files via crafted symlinks

Impact

When populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS.

Git LFS has resolved this problem by revising the git lfs checkout and git lfs pull commands so that they check for symbolic links in the same manner as performed by Git before writing to files in the working tree. These commands now also remove existing files in the working tree before writing new files in their place.

As well, Git LFS has resolved a problem whereby the git lfs checkout and git lfs pull commands, when run in a bare repository, could write to files visible outside the repository. While a specific and relatively unlikely set of conditions were required for this to occur, it is no longer possible under any circumstances.

Patches

This problem exists in all versions since 0.5.2 and is patched in v3.7.1. All users should upgrade to v3.7.1.

Workarounds

Support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.

References

https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5
https://nvd.nist.gov/vuln/detail/CVE-2025-26625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26625
https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1
git-lfs/git-lfs@5c11ffce9a
git-lfs/git-lfs@0cffe93176
git-lfs/git-lfs@d02bd13f02

For more information

If there are any questions or comments about this advisory:

For general questions, start a discussion in the Git LFS discussion forum.
For reports of additional vulnerabilities, please follow the Git LFS security reporting policy.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-26625

GHSA ID

GHSA-6pvw-g552-53c5

EPSS Score

CWE

CWE-59

Published

10/17/2025

Updated

10/17/2025

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/git-lfs/git-lfs	go	>= 0.5.2, <= 3.7.0	3.7.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability in Git LFS (GHSA-6pvw-g552-53c5) allows for arbitrary file writes through crafted symbolic or hard links during git lfs checkout or git lfs pull operations. The root cause is multifaceted and has been addressed across three key commits.

Improper Link Following: The function lfs.GitFilter.SmudgeToFile, responsible for writing file content, originally used os.Create. This function follows symbolic links by default. An attacker could replace a file tracked by LFS with a symbolic link pointing to an arbitrary location on the filesystem, causing Git LFS to write content to that location. The fix replaces os.Create with os.Remove followed by os.OpenFile with the O_EXCL flag, which ensures a new file is created and does not follow existing symlinks, also mitigating a potential TOCTOU race condition.
Path Traversal via Symlinks in Directories: The commands.singleCheckout.Run function, which is central to both checkout and pull, did not validate that each component of the file's path was a directory. An attacker could replace a directory in the path with a symbolic link to another location. The fix introduces a DirWalker utility that uses os.Lstat (which does not follow symlinks) to verify each path component, preventing this traversal.
Bare Repository Execution: The checkout and pull commands could be run in a bare repository (a repository without a working directory). This led to incorrect path resolution, treating repository-relative paths as absolute filesystem paths, potentially leading to writes outside the repository. The commands.checkoutCommand and commands.singleCheckout.Run functions were patched to detect when they are run in a bare repository and prevent the file write operations from proceeding.

The identified vulnerable functions are the key locations where these flaws existed. During exploitation, these functions would be present in the runtime profile as they are directly involved in the vulnerable file I/O operations.

Vulnerable functions

lfs.GitFilter.SmudgeToFile

lfs/gitfilter_smudge.go

The original implementation of `SmudgeToFile` used `os.Create` to write LFS object content. `os.Create` follows symbolic links, which could lead to writing files outside the intended working directory if a malicious symlink is placed in the path. The patch mitigates this by first removing the destination file with `os.Remove` and then creating a new file with `os.OpenFile` using the `O_CREATE|O_EXCL` flags. This ensures that the function does not follow symlinks and also addresses a time-of-check-to-time-of-use (TOCTOU) vulnerability.

commands.singleCheckout.Run

commands/pull.go

This function, used by both `git lfs pull` and `git lfs checkout`, had two vulnerabilities. First, it did not verify if it was running in a valid git working tree, allowing it to be executed in a bare repository which could lead to writing files outside the repository. This was fixed by adding the `hasWorkTree` check. Second, it did not validate the directory path of the file to be checked out, allowing symbolic links to exist in place of directories, which could lead to writing files outside the working tree. This was fixed by introducing `DirWalker` to validate the path components using `os.Lstat`, which does not follow symlinks.

commands.checkoutCommand

commands/command_checkout.go

This is the entry point for the `git lfs checkout` command. It was vulnerable as it could be run in a bare repository, which lacks a working tree. This could lead to files being written outside the repository due to incorrect path handling. The patch adds a check to ensure that the command is executed within a git working tree.

WAF Protection Rules

WAF Rule

### Imp**t W**n popul*tin* * *it r*pository's workin* tr** wit* t** *ont*nts o* *it L*S o*j**ts, **rt*in *it L*S *omm*n*s m*y writ* to *il*s visi*l* outsi** t** *urr*nt *it workin* tr** i* sym*oli* or **r* links *xist w*i** *olli** wit* t** p*t*s o*

Reasoning

T** vuln*r**ility in *it L*S (**S*-*pvw-****-****) *llows *or *r*itr*ry *il* writ*s t*rou** *r**t** sym*oli* or **r* links *urin* `*it l*s ****kout` or `*it l*s pull` op*r*tions. T** root **us* is multi****t** *n* **s ***n ***r*ss** **ross t*r** k*y

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-26625: Git LFS may write to arbitrary files via crafted symlinks

Impact

Patches

Workarounds

References

For more information

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI