Sunday, February 9, 2025
HomeCyber Security NewsCritical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library

Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library

Published on

SIEM as a Service

Follow Us on Google News

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications.

This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers to modify git-upload-pack flags when utilizing the file transport protocol.

This protocol is particularly vulnerable since it interacts with Git binaries, making it an attractive target for exploitation.

The vulnerability has been rated with important severity based on its exploitability and impact.

The affected Amazon SSM Agent has been updated to version 3.3.1611.0, which resolves the vulnerability. The update ensures secure handling of inputs, mitigating the risk of exploitation.

The CVSS scores indicate a high likelihood of exploitation with severe consequences for confidentiality, integrity, and availability.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Affected SUSE Products

The following table summarizes the SUSE products impacted by this vulnerability, along with recommendations for mitigation:

ProductVersionStatusNotes
SUSE Linux Enterprise Server 12All versionsAffectedUpgrade to 5.13.0 or later.
SUSE Linux Enterprise High Performance Computing 12All versionsAffectedUpgrade to 5.13.0 or later.
openSUSE Leap 15.6All versionsAffectedUpgrade to 5.13.0 or later.
SUSE Linux Enterprise Module for Public Cloud 12All versionsAffectedUpgrade recommended.

To safeguard systems, users are advised to upgrade to go-git version 5.13.0 or later to eliminate the vulnerability.

Several SUSE security advisories have been issued regarding this vulnerability:

Advisory IDPublication DateDescription
SUSE-SU-2025:0060-1January 10, 2025Initial patch release.
SUSE-SU-2025:0191-1January 20, 2025Additional updates.
openSUSE-SU-2025:14624-1January 10, 2025Patch for openSUSE Leap.
openSUSE-SU-2025:14654-1January 17, 2025Update for affected packages.
openSUSE-SU-2025:14658-1January 18, 2025Further security enhancements.

The discovery of CVE-2025-21613 in the go-git library presents significant risks to a variety of SUSE products and applications.

Users should prioritize immediate updates to safeguard against potential exploitation.

Ongoing monitoring of security advisories and updates is crucial for maintaining system integrity and security in the face of evolving threats.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...