A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications.
This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers to modify git-upload-pack flags when utilizing the file transport protocol.
This protocol is particularly vulnerable since it interacts with Git binaries, making it an attractive target for exploitation.
The vulnerability has been rated with important severity based on its exploitability and impact.
The affected Amazon SSM Agent has been updated to version 3.3.1611.0, which resolves the vulnerability. The update ensures secure handling of inputs, mitigating the risk of exploitation.
The CVSS scores indicate a high likelihood of exploitation with severe consequences for confidentiality, integrity, and availability.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Affected SUSE Products
The following table summarizes the SUSE products impacted by this vulnerability, along with recommendations for mitigation:
| Product | Version | Status | Notes |
|---|---|---|---|
| SUSE Linux Enterprise Server 12 | All versions | Affected | Upgrade to 5.13.0 or later. |
| SUSE Linux Enterprise High Performance Computing 12 | All versions | Affected | Upgrade to 5.13.0 or later. |
| openSUSE Leap 15.6 | All versions | Affected | Upgrade to 5.13.0 or later. |
| SUSE Linux Enterprise Module for Public Cloud 12 | All versions | Affected | Upgrade recommended. |
To safeguard systems, users are advised to upgrade to go-git version 5.13.0 or later to eliminate the vulnerability.
Several SUSE security advisories have been issued regarding this vulnerability:
| Advisory ID | Publication Date | Description |
|---|---|---|
| SUSE-SU-2025:0060-1 | January 10, 2025 | Initial patch release. |
| SUSE-SU-2025:0191-1 | January 20, 2025 | Additional updates. |
| openSUSE-SU-2025:14624-1 | January 10, 2025 | Patch for openSUSE Leap. |
| openSUSE-SU-2025:14654-1 | January 17, 2025 | Update for affected packages. |
| openSUSE-SU-2025:14658-1 | January 18, 2025 | Further security enhancements. |
The discovery of CVE-2025-21613 in the go-git library presents significant risks to a variety of SUSE products and applications.
Users should prioritize immediate updates to safeguard against potential exploitation.
Ongoing monitoring of security advisories and updates is crucial for maintaining system integrity and security in the face of evolving threats.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
