{"id":10183,"date":"2025-07-16T09:49:06","date_gmt":"2025-07-16T02:49:06","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10183"},"modified":"2026-02-03T09:50:52","modified_gmt":"2026-02-03T02:50:52","slug":"canh-bao-lo-hong-nghiem-trong-trong-git-cli-cho-phep-ghi-tuy-y-va-thuc-thi-ma-tu-xa","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/16\/canh-bao-lo-hong-nghiem-trong-trong-git-cli-cho-phep-ghi-tuy-y-va-thuc-thi-ma-tu-xa\/","title":{"rendered":"Warning: critical vulnerability in Git CLI allows arbitrary file writes and remote code execution"},"content":{"rendered":"<p data-start=\"141\" data-end=\"640\">A serious security vulnerability has just been disclosed in Git CLI, the most widely used source-code management tool in the developer community today. The vulnerability, tracked as CVE-2025-48384 and rated with a CVSS score of 8.1, allows an attacker to write arbitrary files and even achieve remote code execution (RCE) on Linux and macOS systems. 
Worryingly, exploitation only requires the user to perform a familiar action: cloning a specially crafted Git repository.<\/p>\n<p data-start=\"141\" data-end=\"640\"><img fetchpriority=\"high\" decoding=\"async\" class=\" wp-image-10184 aligncenter\" src=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Git-300x167.png\" alt=\"\" width=\"665\" height=\"370\" srcset=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Git-300x167.png 300w, https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Git.png 700w\" sizes=\"(max-width: 665px) 100vw, 665px\" \/><\/p>\n<p data-start=\"642\" data-end=\"1349\">The root cause of CVE-2025-48384 lies in Git's inconsistent handling of the carriage return control character (\\r) in the .gitmodules configuration file. Specifically, when Git reads data from this file, \\r characters may be ignored or stripped. However, when Git writes the information back into the local .git\/config file, these characters are preserved. This discrepancy creates a dangerous scenario in which an attacker can append a \\r character to the end of a submodule path. 
While git clone --recursive is running, Git unwittingly writes a configuration containing the control character to the system without raising any warning or error, opening the way for malicious configuration to be injected or overwritten.<\/p>\n<p data-start=\"1351\" data-end=\"2006\">Security researchers point out that this technique can be abused to manipulate sensitive Git configuration fields. A typical example is overwriting the [remote \"origin\"] section, thereby redirecting all source-code fetches to an attacker-controlled server. In a more dangerous scenario, the attacker can write files directly into the .git\/hooks\/ directory. This is where Git allows scripts to run automatically whenever the user performs operations such as git commit, git merge or git checkout. 
By planting malicious code as a hook, the attacker can maintain long-term control and execute code silently, making it very hard to detect immediately.<\/p>\n<p data-start=\"2008\" data-end=\"2784\">The risk posed by this vulnerability is heightened by common habits in the software development community. The git clone --recursive command frequently appears in the README or documentation of open-source projects, especially those that use submodules. Users, particularly new developers or those who are less cautious, can easily copy and run this command without carefully inspecting the repository contents. On macOS the danger is even greater, because GitHub Desktop uses recursive clone mode by default, so exploitation can occur without the user touching the command line at all. 
Windows systems, by contrast, are not affected by this vulnerability, owing to the difference in how control characters are handled on Windows versus Unix-based operating systems.<\/p>\n<p data-start=\"2786\" data-end=\"3194\">According to the Git project, all versions from v2.43.6 and earlier up to v2.50.0 are affected. To fully remediate the vulnerability, patches were released in the update of 8 July 2025, covering versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1. Users are advised to upgrade Git to these versions as soon as possible.<\/p>\n<p data-start=\"3196\" data-end=\"3865\">To mitigate the risk arising from CVE-2025-48384, both individuals and organizations should proactively adopt preventive measures. First, limit the use of git clone --recursive on repositories of unknown origin, especially before the contents of the .gitmodules file have been inspected. 
For GitHub Desktop users on macOS, the interim solution is to switch to a patched Git CLI or wait for an official update to the application. In enterprise environments, deploying custom monitoring rules on the intrusion detection system (IDS) is necessary, with priority given to watching shell processes spawned by Git, particularly those tied to recursive clone operations.<\/p>\n<p data-start=\"3867\" data-end=\"4335\" data-is-last-node=\"\" data-is-only-node=\"\">CVE-2025-48384 is a clear demonstration that serious threats need not originate from sophisticated attack techniques; sometimes they stem from the very routines we perform every day. 
As software supply-chain attacks continue to rise, keeping tools up to date, exercising caution with external repositories and monitoring for anomalous behaviour have become essential requirements for every developer and organization.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A serious security vulnerability has just been disclosed in Git CLI, the most widely used source-code management tool in the developer community today. The vulnerability, tracked as CVE-2025-48384 and rated with a CVSS score of 8.1, allows an attacker to write 
[&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10183","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10183"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10183\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}