This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.
[CVE-2025-48386](https://www.cve.org/CVERecord?id=CVE-2025-48386) is regarding a vulnerability in Git where the wincred credential helper uses a static buffer (`target`) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with `wcsncat()`, leading to potential buffer overflows. MITRE created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see [CVE-2025-48386](https://www.cve.org/CVERecord?id=CVE-2025-48386) for more information.
Opinions, tips, and news orbiting Microsoft