Arbitrary Code Execution Vulnerability in TruffleHog by Truffle Security Co.
CVE-2025-41390
7.8 HIGH
What is CVE-2025-41390?
An arbitrary code execution vulnerability affects TruffleHog 3.90.2 by Truffle Security Co. An attacker exploits it by providing a specially crafted repository; when that repository is processed, arbitrary code can execute. It poses a significant risk to users who may inadvertently interact with compromised repositories. Users are advised to apply necessary security measures and updates to mitigate potential exploitation.
Affected Version(s)
TruffleHog 3.90.2
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Adam Reiser of Cisco ASIG
