CVE-2025-23040

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-23040
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23040.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23040
Aliases
  • GHSA-36mm-rh9q-cpqq
Published
2025-01-15T17:25:00.945Z
Modified
2026-04-10T05:31:44.632545Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop
Details

GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke git clone and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23040.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-522"
    ]
}
References

Affected packages

Git / github.com/desktop/desktop

Affected ranges

Type
GIT
Repo
https://github.com/desktop/desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6d57135bd0082627adc5ccafa8479110130da361
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.12"
        }
    ]
}

Affected versions

release-0.*
release-0.0.10
release-0.0.11
release-0.0.12
release-0.0.13
release-0.0.14
release-0.0.15
release-0.0.16
release-0.0.17
release-0.0.21
release-0.0.22
release-0.0.23
release-0.0.24
release-0.0.25
release-0.0.26
release-0.0.27
release-0.0.28
release-0.0.29
release-0.0.3
release-0.0.30
release-0.0.31
release-0.0.32
release-0.0.33
release-0.0.34
release-0.0.35
release-0.0.36
release-0.0.37
release-0.0.38
release-0.0.39
release-0.0.4
release-0.0.5
release-0.0.6
release-0.0.7
release-0.0.8
release-0.0.9
release-0.5.0
release-0.5.1
release-0.5.2
release-0.5.3
release-0.5.4
release-0.5.5
release-0.5.6
release-0.5.7
release-0.5.8
release-0.5.9
release-0.6.0
release-0.6.1
release-0.6.2
release-0.7.0
release-0.7.1
release-0.7.1-beta0
release-0.7.1-beta4
release-0.7.2
release-0.7.2-beta0
release-0.7.3-beta0
release-0.7.3-beta1
release-0.7.3-beta2
release-0.7.3-beta3
release-0.7.3-beta4
release-0.7.3-beta5
release-0.8.0
release-0.8.1
release-0.8.1-beta0
release-0.8.1-beta1
release-0.8.1-beta2
release-0.8.1-beta3
release-0.8.1-beta4
release-0.8.2
release-0.9.1
release-1.*
release-1.0.0
release-1.0.0-beta0
release-1.0.0-beta1
release-1.0.0-beta3
release-1.0.1
release-1.0.1-beta0
release-1.0.10
release-1.0.10-beta0
release-1.0.10-beta2
release-1.0.10-beta3
release-1.0.11
release-1.0.11-beta0
release-1.0.12
release-1.0.12-beta0
release-1.0.12-beta1
release-1.0.13
release-1.0.13-beta1
release-1.0.14-beta1
release-1.0.14-beta2
release-1.0.14-beta5
release-1.0.2
release-1.0.2-beta0
release-1.0.2-beta1
release-1.0.3
release-1.0.4
release-1.0.4-beta0
release-1.0.4-beta1
release-1.0.5
release-1.0.5-beta0
release-1.0.5-beta1
release-1.0.6
release-1.0.7
release-1.0.7-beta0
release-1.0.8
release-1.0.8-beta0
release-1.0.9
release-1.0.9-beta0
release-1.1.0
release-1.1.1
release-1.1.1-beta3
release-1.1.1-beta4
release-1.1.2-beta1
release-1.1.2-beta2
release-1.1.2-beta3
release-1.1.2-beta5
release-1.1.2-beta6
release-1.1.2-beta7
release-1.2.0
release-1.2.1
release-1.2.1-beta1
release-1.2.4
release-1.2.4-beta1
release-1.2.4-beta2
release-1.2.4-beta3
release-1.2.4-beta4
release-1.2.4-beta5
release-1.3.0
release-1.3.0-beta1
release-1.3.0-beta6
release-1.3.0-beta7
release-1.3.1-beta0
release-1.3.3
release-1.3.5-beta1
release-1.4.0
release-1.4.0-beta1
release-1.4.1
release-1.5.0-beta1
release-3.*
release-3.4.10
release-3.4.10-beta3
release-3.4.11

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23040.json"