216.73.217.50

CVE-2025-41390

· Published 20/10/2025 15:15 · Modified 20/10/2025 15:15

Labels: CVE-2025-41390 2025-10-20CVE-2025-41390CWE-829[email protected]

Essential information

Published
20/10/2025 15:15
Modified
20/10/2025 15:15
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
truffle security co / trufflehog cpe:2.3:a:truffle_security_co:trufflehog:3.90.2:*:*:*:*:*:*:*

References