Git for Windows: NTLM Hash Exposed When Cloning from a Malicious Server

CVE-2025-66413
Summary

If you use a version of Git for Windows earlier than 2.53.0(2), an attacker who tricks you into cloning from a malicious server can obtain your NTLM hash. Because NTLM hashing is weak, the attacker can then brute-force your account name and password. Update to Git for Windows 2.53.0(2) or later to fix this issue.

Original title
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is ...
Original description
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).
NVD CVSS 3.1: 7.4
Vulnerability type
CWE-200 Information Exposure
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026
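
To find hosts still running a build older than the fixed release, the version strings collected from an inventory can be compared against 2.53.0(2). The following is an added example, not code from the advisory or from the Git for Windows project; it assumes that `git --version` reports the release 2.53.0(2) as `2.53.0.windows.2`, and the host names and sample lines are constructed.

```python
import re

FIXED = (2, 53, 0, 2)  # 2.53.0(2), the fixed release named in the advisory

# Assumed string forms: `git --version` output ("git version 2.53.0.windows.2")
# and the release name ("2.53.0(2)"); a name without "(N)" is build 1.
_BUILD = re.compile(r"(\d+)\.(\d+)\.(\d+)([-.]rc\d+)?\.windows\.(\d+)")
_NAME = re.compile(r"(\d+)\.(\d+)\.(\d+)([-.]rc\d+)?(?:\((\d+)\))?")


def parse(text):
    """Return (major, minor, patch, build), or None if no version is found."""
    m = _BUILD.search(text) or _NAME.search(text)
    if m is None:
        return None
    build = int(m.group(5)) if m.group(5) else 1
    if m.group(4):
        build = 0  # a release candidate sorts before every final build
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), build)


def classify(text):
    """Label one reported version string against the fixed release."""
    text = text.strip()
    if text.startswith("git version") and ".windows." not in text:
        return "not-applicable"  # some other Git distribution
    version = parse(text)
    if version is None:
        return "unknown"
    return "fixed" if version >= FIXED else "vulnerable"


# Constructed sample inventory: hostname -> reported version string.
SAMPLE = {
    "ws-01": "git version 2.53.0.windows.1",
    "ws-02": "git version 2.53.0.windows.2",
    "ws-03": "2.52.0",
    "ws-04": "git version 2.53.0.rc1.windows.1",
    "mac-01": "git version 2.39.5 (Apple Git-154)",
    "ws-05": "not installed",
}


def needs_update(inventory):
    """Hosts whose Git for Windows build predates the fix, sorted by name."""
    return sorted(h for h, v in inventory.items() if classify(v) == "vulnerable")


if __name__ == "__main__":
    for host, reported in SAMPLE.items():
        print(f"{host}: {classify(reported)}")
```

Hosts labelled `unknown` need a manual check rather than being counted as fixed.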