{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T22:25:25.229","vulnerabilities":[{"cve":{"id":"CVE-2025-66413","sourceIdentifier":"security-advisories@github.com","published":"2026-03-10T21:16:40.680","lastModified":"2026-04-21T14:08:46.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2)."},{"lang":"es","value":"Git para Windows es el puerto de Windows de Git. Antes de 2.53.0(2), es posible obtener el hash NTLM de un usuario engañándolos para que clonen de un servidor malicioso. Dado que el hashing NTLM es débil, es posible para el atacante forzar por fuerza bruta el nombre de cuenta y la contraseña del usuario. Esta vulnerabilidad está corregida en 2.53.0(2)."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitforwindows:git:*:*:*:*:*:*:*:*","versionEndIncluding":"2.53.0","matchCriteriaId":"78AC4040-01B2-45BF-B32D-E02FFE3BA565"}]}]}],"references":[{"url":"https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/git-for-windows/git/security/advisories/GHSA-hv9c-4jm9-jh3x","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}