CVE-2025-41390
HIGHDescription
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability.
Is your site exposed to CVE-2025-41390?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-41390? +
How severe is CVE-2025-41390? +
How do I check if I'm vulnerable to CVE-2025-41390? +
Related Vulnerabilities
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The …
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository …
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution …
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules …
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control …
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute …