SHA-1 Hash Collision Vulnerability in Gitoxide by GitoxideLabs
CVE-2025-31130

6.8MEDIUM

Key Information:

Vendor: Gitoxidelabs
Status: Gitoxide
Vendor: CVE Published:; 4 April 2025

🔔 Create Gitoxidelabs Vulnerability Alert

What is CVE-2025-31130?

Gitoxide, a Rust implementation of Git, is susceptible to hash collision attacks due to its use of nonlinear SHA-1 hash implementations prior to version 0.42.0. Without collision detection mechanisms, the integrity of the Git object model can be compromised, potentially resulting in distinct Git objects sharing the same SHA-1 hash. This flaw can disrupt version control operations and undermine data integrity. This issue was addressed in version 0.42.0 through necessary updates to the hashing process.

Affected Version(s)

gitoxide < 0.42.0

References

https://github.com/GitoxideLabs/gitoxide/security/advisor...

x_refsource_CONFIRM

https://github.com/GitoxideLabs/gitoxide/commit/f253f02a6...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Mar 26, 2025

CVE-2025-31130 Data

JSON