CrowdStrike Falcon Blocks Git Exploit in Active Attack

CrowdStrike has detected active exploitation of a critical Git vulnerability, identified as CVE-2025-48384. The company reports that its endpoint protection platform, CrowdStrike Falcon, blocks Git-based attacks by intercepting malicious repositories crafted through advanced social engineering tactics. Threat actors are using these deceptive techniques to lure developers into cloning compromised repositories, triggering the exploit.

The campaign relies on combining technical Git manipulation with human factors, allowing the attackers to bypass traditional defenses. CrowdStrike Falcon blocks Git exploits by analyzing repository behavior and preventing execution of harmful code. The company’s security team observed this activity in the wild and responded by updating detection capabilities.

In addition to CVE-2025-48384, CrowdStrike flagged CVE-2025-61882 and CVE-2025-54918 as related vulnerabilities that could be targeted in similar ways. Organizations using Git are urged to remain vigilant and monitor developer workflows for suspicious activity.

For a comprehensive analysis, read the full report at
https://www.crowdstrike.com/en-us/blog/crowdstrike-falcon-blocks-git-vulnerability-cve-2025-48384/