CVE-2025-26625 Overview
CVE-2025-26625 is a high-severity symlink attack vulnerability in Git Large File Storage (Git LFS), a widely-used Git extension for versioning large files. The vulnerability affects Git LFS versions 0.5.2 through 3.7.0 and allows attackers to craft malicious repositories containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running git lfs checkout or git lfs pull commands.
This vulnerability stems from insufficient validation when populating a Git repository's working tree with Git LFS object contents. The affected commands fail to check for symbolic links before writing to files, enabling path traversal outside the intended working tree. Additionally, when these commands are executed in a bare repository context, they could write to files visible outside the repository entirely.
Critical Impact
Attackers can achieve arbitrary file write capabilities by crafting repositories with malicious symbolic or hard links, potentially leading to code execution, configuration tampering, or privilege escalation on affected systems.
Affected Products
- Git LFS versions 0.5.2 through 3.7.0
- Systems using git lfs checkout command
- Systems using git lfs pull command
Discovery Timeline
- October 17, 2025 - CVE-2025-26625 published to NVD
- October 21, 2025 - Last updated in NVD database
Technical Details for CVE-2025-26625
Vulnerability Analysis
This vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access), commonly known as a symlink attack. The core issue lies in how Git LFS handles file operations during checkout and pull operations without properly validating the target paths against symbolic or hard links that may exist in the repository.
When a user clones or fetches a maliciously crafted repository, an attacker can include symbolic links that point to arbitrary locations outside the working tree. Subsequently, when git lfs checkout or git lfs pull is executed, Git LFS follows these links and writes LFS object contents to the attacker-controlled target locations. This can overwrite sensitive files such as SSH authorized keys, shell configuration files, or application configuration, potentially leading to code execution or credential compromise.
The vulnerability is particularly dangerous in bare repository scenarios, where the commands could write to locations entirely outside the repository structure, expanding the potential attack surface significantly.
Root Cause
The root cause is the absence of symlink and hard link validation before file write operations in the Git LFS checkout and pull command handlers. The affected code paths in commands/command_checkout.go and commands/pull.go did not incorporate the tools package functions needed to detect directory/symlink conflicts prior to writing file contents.
Additionally, the lfs/gitfilter_smudge.go file used os.Stat() instead of os.Lstat(), which follows symbolic links rather than examining the link itself, allowing the vulnerability to be exploited through crafted symlinks.
Attack Vector
The attack requires user interaction—specifically, a victim must clone a malicious repository and execute git lfs checkout or git lfs pull. This makes it a network-accessible attack vector that requires social engineering to trick users into interacting with attacker-controlled repositories. The attack can target developers, CI/CD pipelines, or any automated systems that fetch and process Git repositories with LFS-tracked content.
// Security patch in commands/command_checkout.go
// Added check for dir/symlink conflicts before checkout/pull operations
"github.com/git-lfs/git-lfs/v3/git"
"github.com/git-lfs/git-lfs/v3/lfs"
"github.com/git-lfs/git-lfs/v3/tasklog"
+ "github.com/git-lfs/git-lfs/v3/tools"
"github.com/git-lfs/git-lfs/v3/tq"
"github.com/git-lfs/git-lfs/v3/tr"
"github.com/spf13/cobra"
Source: GitHub Commit
// Security patch in lfs/gitfilter_smudge.go
// Changed from os.Stat() to os.Lstat() to properly detect symlinks
func (f *GitFilter) SmudgeToFile(filename string, ptr *Pointer, download bool, manifest tq.Manifest, cb tools.CopyCallback) error {
tools.MkdirAll(filepath.Dir(filename), f.cfg)
- if stat, _ := os.Stat(filename); stat != nil {
+ // When no pointer file exists on disk, we should use the permissions
+ // defined for the file in Git, since the executable mode may be set.
+ // However, to conform with our legacy behaviour, we do not do this
+ // at present.
+ var mode os.FileMode = 0666
+ if stat, _ := os.Lstat(filename); stat != nil && stat.Mode().IsRegular() {
if ptr.Size == 0 && stat.Size() == 0 {
return nil
}
- if stat.Mode()&0200 == 0 {
- if err := os.Chmod(filename, stat.Mode()|0200); err != nil {
- return errors.Wrap(err,
- tr.Tr.Get("Could not restore write permission"))
- }
-
- // When we're done, return the file back to its normal
- // permission bits.
- defer os.Chmod(filename, stat.Mode())
- }
+ mode = stat.Mode().Perm()
}
Source: GitHub Commit
Detection Methods for CVE-2025-26625
Indicators of Compromise
- Unexpected symbolic links within Git repositories pointing to sensitive system paths (e.g., ~/.ssh/authorized_keys, /etc/passwd, shell rc files)
- File modification timestamps on sensitive files correlating with Git LFS checkout or pull operations
- Unusual Git LFS activity in system logs following repository clone operations
- Presence of hard links in repository directories that reference files outside the working tree
Detection Strategies
- Monitor file system operations during git lfs checkout and git lfs pull execution for writes outside the repository working tree
- Implement repository scanning to detect symbolic or hard links that point to paths outside the repository root before processing LFS objects
- Deploy endpoint detection rules to alert on Git LFS processes writing to sensitive system directories
- Audit Git LFS version information across development environments to identify unpatched instances (git lfs version)
Monitoring Recommendations
- Enable file integrity monitoring (FIM) on critical system files and directories commonly targeted by symlink attacks
- Configure logging for Git LFS command execution in CI/CD environments to track repository sources and LFS operations
- Implement network monitoring to identify repository clones from untrusted or suspicious sources
- Review and baseline Git configuration settings across development machines, particularly core.symlinks values
How to Mitigate CVE-2025-26625
Immediate Actions Required
- Upgrade Git LFS to version 3.7.1 or later immediately across all development environments and CI/CD pipelines
- Audit existing repositories for suspicious symbolic or hard links using find . -type l and find . -type f -links +1
- Review recent Git LFS checkout and pull operations on systems that may have interacted with untrusted repositories
- Consider running git lfs install --force after upgrading to ensure hooks are properly updated
Patch Information
The vulnerability is fixed in Git LFS version 3.7.1. The patch introduces proper symlink and hard link validation in the checkout and pull command paths, ensuring files are not written through link targets outside the working tree. The fix also addresses bare repository handling to prevent writes outside the repository structure.
Key commits implementing the fix:
- Commit 0cffe93 - Check for dir/symlink conflicts on checkout/pull
- Commit 5c11ffc - Create new files on checkout and pull with proper link handling
- Commit d02bd13 - Fix bare repo pull/checkout path handling
For additional details, see the GitHub Security Advisory and Release Notes for v3.7.1.
Workarounds
- Disable symlink support in Git by setting core.symlinks configuration option to false for new clones and fetches
- Note that the workaround does not protect against symbolic or hard links already present in existing repositories
- Exercise caution when cloning repositories from untrusted sources, particularly those containing LFS-tracked files
- Consider implementing repository sandboxing or containerization for processing untrusted Git repositories
# Configuration example - Disable symlinks globally for new repositories
git config --global core.symlinks false
# Disable symlinks for a specific repository
cd /path/to/repository
git config core.symlinks false
# Verify Git LFS version and upgrade if needed
git lfs version
# If version < 3.7.1, upgrade:
# On macOS with Homebrew:
brew upgrade git-lfs
# On Linux with package manager:
sudo apt-get update && sudo apt-get install git-lfs
# Or download directly from GitHub releases
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
