This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.
[CVE-2025-46334](https://www.cve.org/CVERecord?id=CVE-2025-46334) is regarding a vulnerability in Git GUI (Windows only) where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects "Git Bash" or "Browse Files" from the menu. MITRE created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability. Please see [CVE-2025-46334](https://www.cve.org/CVERecord?id=CVE-2025-46334) for more information.
Opinions, tips, and news orbiting Microsoft