


Perceptive Security
SOC/SIEM Consultancy

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious serve…
Published: 9 March 2026 at 23:00:00
Alert date: 10 March 2026 at 22:05:14
Source: nvd.nist.gov
Operating Systems, Identity & Access
Git for Windows versions prior to 2.53.0(2) contain a vulnerability that allows attackers to obtain a user's NTLM hash by tricking them into cloning from a malicious server. The weakness of NTLM hashing enables attackers to brute-force the user's account credentials. This social engineering attack exploits the trust users place in git clone operations. The vulnerability has been patched in version 2.53.0(2). Organizations using Git for Windows should update immediately to prevent credential theft.
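To find hosts that still need the update, the check below (an added example, not part of the original alert or of the Git for Windows project) classifies collected `git --version` output against the fixed build 2.53.0(2), which is the release tagged v2.53.0.windows.2. It assumes the usual `git version X.Y.Z.windows.N` output format; the hostnames and the inventory are constructed sample data.

```python
import re

# First fixed build named in the alert: 2.53.0(2), tagged v2.53.0.windows.2.
# Tuple layout: (major, minor, patch, is_final_release, windows_build)
FIXED = (2, 53, 0, 1, 2)

# Assumed output format: "git version 2.53.0.windows.2"; release candidates
# are assumed to look like "2.53.0-rc1.windows.1".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-rc\d+)?\.windows\.(\d+)")

def parse_git_for_windows(version_output):
    """Return a comparable tuple, or None when the string is not a
    Git for Windows build (no '.windows.N' suffix)."""
    m = _VERSION_RE.search(version_output)
    if m is None:
        return None
    major, minor, patch, rc, build = m.groups()
    # A release candidate sorts before the final release of the same version.
    return (int(major), int(minor), int(patch), 0 if rc else 1, int(build))

def needs_update(version_output):
    """True if the build predates the fix, False if it is fixed,
    None if it is not Git for Windows (outside the scope of this alert)."""
    parsed = parse_git_for_windows(version_output)
    return None if parsed is None else parsed < FIXED

def triage(inventory):
    """Map each host to 'UPDATE', 'ok' or 'not-git-for-windows'."""
    labels = {True: "UPDATE", False: "ok", None: "not-git-for-windows"}
    return {host: labels[needs_update(out)] for host, out in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "dev-ws-01": "git version 2.53.0.windows.1",
    "dev-ws-02": "git version 2.53.0.windows.2",
    "dev-ws-03": "git version 2.47.1.windows.2",
    "build-01": "git version 2.53.0-rc1.windows.1",
    "linux-ci": "git version 2.43.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```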
Technical details
Affected products: Git for Windows
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-66413
https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.2
https://github.com/git-for-windows/git/security/advisories/GHSA-hv9c-4jm9-jh3x
This article was created with the assistance of AI technology by Perceptive.
