This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.
[CVE-2025-27613](https://www.cve.org/CVERecord?id=CVE-2025-27613) is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enabled or not. MITRE created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability. Please see [CVE-2025-27613](https://www.cve.org/CVERecord?id=CVE-2025-27613) for more information.
Opinions, tips, and news orbiting Microsoft