Arbitrary Code Execution Vulnerability in TruffleHog by Truffle Security Co.
CVE-2025-41390

7.8 HIGH

Key Information:

Vendor: Truffle Security Co.
CVE Published: 20 October 2025

What is CVE-2025-41390?

An arbitrary code execution vulnerability affects TruffleHog 3.90.2 by Truffle Security Co. It is exploited when an attacker supplies a specially crafted repository that causes arbitrary code to run when TruffleHog processes it. Users who scan repositories they do not control are the ones exposed, since they may process a compromised repository without realising it. Users are advised to apply the necessary security measures and updates to mitigate potential exploitation.

Affected Version(s)

TruffleHog 3.90.2

CVSS v3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published: 20 October 2025

  • Vulnerability reserved

Credit

Adam Reiser of Cisco ASIG