What is CVE-2023-29012?

A high-severity vulnerability in Git for Windows allows execution of maliciously-placed commands through Git CMD in untrusted directories. Organizations should prioritize patching to mitigate risks associated with this vulnerability.

What is the severity of CVE-2023-29012?

CVE-2023-29012 has a severity rating of HIGH with a CVSS base score of 7.2.

CVE-2023-29012 | High Vulnerability in Git for Windows

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. This vulnerability has a CVSS score of 7.2, indicating a high severity level. Organizations should prioritize patching immediately.

Risk to organizations includes unauthorized execution of commands, which could lead to data breaches or system compromises. The vulnerability requires high privileges and user interaction to exploit, which may mitigate some risk but still poses a significant threat, especially in environments where users may unknowingly execute Git CMD in untrusted directories.

As of now, no public exploits have been confirmed for this vulnerability, and it is not listed in the Known Exploited Vulnerabilities (KEV) catalog. However, organizations should remain vigilant for potential exploits and ensure that they apply patches promptly.

The vulnerability has been patched in Git for Windows v2.40.1. As a workaround, users are advised to avoid starting Git CMD in untrusted directories.

Vulnerability Details

The vulnerability allows the execution of malicious commands through the Git CMD interface in Windows. This is classified under CWE-427, which pertains to Uncontrolled Search Path Element. The CVSS score of 7.2 reflects the high impact this vulnerability can have on confidentiality, integrity, and availability.

Technical Analysis

The root cause of this vulnerability lies in the handling of environment paths by Git CMD. When a user executes commands in an untrusted directory, the system may inadvertently execute a malicious `doskey.exe`, leading to unauthorized command execution.

The attack vector is local, requiring the user to initiate Git CMD in the vulnerable environment. While the attack complexity is high due to the necessity of high privileges, the user interaction required still leaves room for exploitation in less secure setups.

Risk & Impact Analysis

Real-world deployment risk includes the possibility of executing arbitrary commands, leading to severe data loss or system compromise. The blast radius can be extensive, especially if Git CMD is used in a development or production environment with sensitive data.

Organizations should assess the urgency of addressing this vulnerability based on their operational environment and user practices. Given its high CVSS score and potential impacts, it should be addressed in priority patch cycles.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Git for Windows prior to v2.40.1 are affected by this vulnerability. Organizations should update to the latest version to mitigate any risks.

Mitigation & Remediation

To remediate this vulnerability, organizations should upgrade to Git for Windows v2.40.1 or later. In case the patch cannot be applied immediately, avoid using Git CMD in untrusted directories as a temporary workaround.

For further information on secure coding practices, organizations can refer to the secure coding practices guide to help prevent similar vulnerabilities in the future.

Detection Guidance

Organizations should monitor logs for any unauthorized execution attempts of `doskey.exe`. Additionally, behavioral anomalies in user commands should be flagged for further investigation.

AppSecure Threat Intelligence Insight

This vulnerability highlights a critical area of concern for organizations using Git CMD in potentially unsafe environments. Security teams should focus on enhancing their threat detection capabilities and ensure that Git CMD is used securely.

For a comprehensive understanding of vulnerability management, organizations may refer to the vulnerability management program to mitigate risks effectively.

In addition, the importance of continuous penetration testing cannot be overstated. Organizations are encouraged to engage in penetration testing regularly to uncover vulnerabilities before they can be exploited.

Finally, staying informed about emerging threats and understanding the attack vectors that may be leveraged is crucial for maintaining security.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-29012: High Vulnerability in Git for Windows