CVE-2025-52480

Registrator.jl Argument Injection Vulnerability

Description

Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities), an argument injection is possible in the `gettreesha()` function. This can then lead to a potential remote code execution. Users should upgrade immediately to v1.9.5 to receive a patch. All prior versions are vulnerable. No known workarounds are available.

INFO

Published Date :

2025-06-25T16:37:32.944Z

Last Modified :

2025-06-26T14:37:18.399Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-52480 vulnerability.

Vendors	Products
Julialang	Registrator

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52480.

URL	Resource
https://github.com/JuliaRegistries/Registrator.jl/pull/449
https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-w8jv-rg3h-fc68

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact