TL;DR: A rare edge-case vulnerability affected local Git repositories copied file-for-file, where malicious .git/config settings could trigger command execution during scanning, according to TruffleHog and Cisco Talos. The lesson is broader than the patch: tools that inspect untrusted repositories must treat repository metadata as executable attack surface, not inert context.
NHIMG editorial — based on content published by TruffleHog: One leaked credential can silently compromise your entire SaaS stack
Questions worth separating out
Q: What breaks when secret-scanning tools trust copied git repositories?
A: Copied repositories can preserve malicious .git metadata that changes Git’s runtime behavior.
Q: Why do untrusted repositories create risk for NHI and secrets workflows?
A: Because secret scanners and CI helpers often run with more access than the repository itself.
Q: How do security teams know if their repo-scanning controls are actually working?
A: Look for two signals: untrusted repositories are always cloned into a temporary workspace, and no scanner path shells out to Git on copied inputs.
Practitioner guidance
- Force untrusted repositories through a temporary clone Require secret-scanning tools to clone local repositories into a clean temporary directory before any Git command runs.
- Audit Git shell-outs in scanner workflows Inventory every place your secret scanners, analysis jobs, and CI helpers invoke Git.
- Disable unsafe Git config handling for untrusted inputs Set safe.bareRepository to explicit where appropriate and use command-line options that suppress risky Git features for untrusted paths.
What's in the full article
TruffleHog's full post covers the engineering details this analysis intentionally leaves at a higher level:
- The exact untrusted repository handling change that uses a local git clone before scanning.
- The reasoning behind rejecting denylist and allowlist approaches for unsafe repository configuration.
- The trust-local-git-config override and when it is meant to be used.
- The specific affected TruffleHog versions and update path for enterprise and open-source users.
👉 Read TruffleHog's analysis of CVE-2025-41390 and untrusted git repositories →
Local git repositories and secret scans: where the hidden risk sits?
Explore further
Repository provenance has become an identity control, not just a source-control concern. The vulnerability works because tools infer trust from a local path rather than from how the repository arrived there. That assumption collapses the moment untrusted metadata can influence the runtime of a secret scanner. Practitioners should treat copied repositories as a governed input class, not a convenience shortcut.
A few things that frame the scale:
- 54% of organisations are dissatisfied with their current secrets management solution because not all secrets are secured, and 43% cite lack of central management, according to The 2024 State of Secrets Management Survey.
- 88% of security professionals are concerned about secrets sprawl, with 49% of those in larger organisations described as "very concerned", according to The 2024 State of Secrets Management Survey.
A question worth separating out:
Q: Who is accountable when a security tool executes attacker-controlled Git behavior?
A: Accountability sits with the team that owns the tool, the pipeline, and the repository intake process. If a scanner executes configuration from an untrusted repository, that is a control design failure, not an unavoidable property of Git. Ownership should span platform security, IAM, and the team operating the scanning workflow.
👉 Read our full editorial: Local git repositories can turn secret scans into code execution