San Francisco, January 28, 2025 – A critical GitHub Desktop flaw, CVE-2025-23040, leaks credentials via malicious URLs. Update to the latest version now to secure your repositories.
A critical vulnerability in GitHub Desktop has exposed user credentials to potential cyberattacks via maliciously crafted URLs. Dubbed Clone2Leak, this flaw threatens to compromise sensitive authentication tokens, putting developers and enterprises at serious risk.
The vulnerability, tracked as CVE-2025-23040, arises from improper handling of carriage-return characters in remote URLs: a crafted URL can cause stored credentials to be sent to a host the attacker chooses rather than the intended one. Affected projects include GitHub Desktop, GitHub CLI, and Git Credential Manager, with risks extending to repositories that use Git LFS.
In response, GitHub emphasized the gravity of the situation:
This flaw allows malicious actors to exfiltrate credentials through manipulated URLs. Immediate updates are critical.
Cybersecurity expert Ry0taK, who uncovered the vulnerability, explained:
By injecting malicious characters, attackers can trick GitHub Desktop into sending credentials to unauthorized hosts, enabling access to privileged data.
GitHub has released updates to mitigate the risk. Developers are strongly advised to upgrade to version v2.48.1 and avoid cloning repositories from untrusted sources. The flaw also impacts GitHub Codespaces, where cloned malicious repositories could expose access tokens.
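As an added example (not GitHub's code and not the Clone2Leak fix itself), here is the kind of audit a defender can run over existing clones before updating: it reads a constructed .gitmodules fragment and flags any remote URL carrying a carriage return, line feed or NUL, the class of input the advisory describes. The function names and the sample file are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Characters that can break a newline-delimited key=value exchange such as the
# one used between git and its credential helpers. Defensive check added here;
# it is not the vendor's patch.
CONTROL_CHARS = re.compile(r"[\r\n\x00]")

# Constructed sample: one clean submodule and one whose URL hides a CR.
SAMPLE_GITMODULES = (
    '[submodule "lib"]\n\tpath = lib\n'
    '\turl = https://github.com/example/lib.git\n'
    '[submodule "sub-b"]\n\tpath = sub-b\n'
    '\turl = https://example.com\r/x.git\n'
)


def is_safe_remote_url(url: str) -> bool:
    """True only if the URL has no CR/LF/NUL, raw or percent-encoded.
    Decoding is a deliberately conservative extra step (assumption: flag an
    encoded control character rather than guess how each client decodes it)."""
    return not (CONTROL_CHARS.search(url) or CONTROL_CHARS.search(unquote(url)))


def parse_gitmodules(text: str) -> dict[str, str]:
    """Minimal .gitmodules reader returning {submodule name: url}.
    Splits on LF only, so an interior CR stays inside the URL and is visible
    to the check instead of silently ending the line."""
    urls, name = {}, None
    for raw in text.split("\n"):
        line = raw.rstrip("\r").strip(" \t")  # tolerate CRLF line endings
        m = re.match(r'\[submodule "(.+)"\]', line)
        if m:
            name = m.group(1)
        elif name and line.startswith("url") and "=" in line:
            urls[name] = line.split("=", 1)[1].strip(" \t")
    return urls


def find_unsafe_remotes(urls: dict[str, str]) -> list[str]:
    """Names whose URL should be refused before any credential lookup."""
    return sorted(n for n, u in urls.items() if not is_safe_remote_url(u))


if __name__ == "__main__":
    mods = parse_gitmodules(SAMPLE_GITMODULES)
    print("unsafe submodules:", find_unsafe_remotes(mods))  # prints ['sub-b']
```

The same check applies to the output of `git remote -v` or any URL a tool is about to hand to a credential helper.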
Developer Alex Brown expressed concern:
GitHub’s tools are vital to our workflows. Flaws like these could severely impact trust in the platform.
This revelation underscores the importance of proactive cybersecurity measures. Users must update their GitHub tools immediately to protect against potential exploitation.