Joe Leon

October 17, 2025

Contributor Spotlight: Adam Reiser of Cisco Talos


tl;dr TruffleHog has been patched to address a rare edge case involving malicious repositories not cloned via Git (e.g., manually downloaded ZIPs). To get the security update, simply run trufflehog as usual. It will handle the update for you automatically.

We recently patched a security vulnerability in TruffleHog’s handling of untrusted, uncloned git repositories, reported by Adam Reiser of Cisco Talos. It’s logged as CVE-2025-41390.

It’s important to state upfront that this vulnerability only impacts a very narrow edge case: users scanning a local Git repository that was copied file-for-file (e.g., from a zip) rather than cloned. While the attack scenario is limited, we took it seriously. 

Today, we want to share the story behind the discovery and the engineering decisions we made to harden TruffleHog against this class of vulnerability.

The Discovery: A Conversation with Adam Reiser

We had an opportunity to chat with Adam and ask him a little bit about his process for doing security research:

Truffle Security: To start, what type of vulnerability research do you focus on?

Adam Reiser: I'm on an internal red team, so I go where attackers go. Logic bugs are my favorite, especially when they arise from a gap between developer intent and real-world use. Even in the most automated workflows, there's a human involved at some point, and understanding these interactions often leads to interesting bugs or exploitable behaviors, which are essentially bugs in the human/computer system.

Truffle Security: Where did the idea to explore this class of vulnerabilities come from?

Adam Reiser: It started with an error message. I was setting up a shared analysis space for our team to process incoming data, which included git repos. Since multiple users were contributing, we started hitting this error: fatal: detected dubious ownership in repository at '/path/to/repo.git'.

Cryptic error messages are a Unix tradition, although they've become rarer as the industry has matured. 'Dubious' ownership detection hits a sweet spot of being accurate, enigmatic, and alarming. Anyway, git is protecting us from potential command injections. Repos that are copied file-for-file (rather than cloned) require careful handling because there are lots of ways that git can be leveraged to run commands. Git hooks are designed for exactly this purpose and many tools run git commands under the hood. Justin Steven wrote a detailed advisory on this issue in 2022.

Truffle Security: How did you initially identify TruffleHog to look at?

Adam Reiser: We evaluated all the git tools we use for safety on untrusted repos. Our team [at Cisco Talos] uses TruffleHog extensively to find secrets buried in repo history.

Truffle Security: What was the most surprising thing you uncovered while researching this class of vulnerabilities?

Adam Reiser: The biggest surprise was how little the situation has changed in the past few years. Tools that have been publicly known to be vulnerable since at least 2022 are still vulnerable today.

Truffle Security: What impact do you hope your disclosure has on developers, open source maintainers, or the broader security community?

Adam Reiser: I hope that developers and users gain a better understanding of the risks of running git commands and of the mitigations available. Set safe.bareRepository to explicit in your system-level git configs. Patch git invocations to disable core.fsmonitor, e.g., with git -c core.fsmonitor="". Check the tools that you use and submit patches. And if you have time, browse through https://git-scm.com/docs/git-config to see just how many ways git can be used to call external commands.

The Remediation: Hardening TruffleHog Against Untrusted Git

Adam's research provided the perfect opportunity to re-evaluate how TruffleHog interacts with local repositories. Our goal was not just to patch this specific vulnerability but to eliminate the entire attack vector.

The Untrusted Repository Problem

The core threat arises when a tool (like TruffleHog) shells out to Git to process a repository that has been copied file-for-file. This method preserves the entire .git directory, including a potentially malicious .git/config file, which an attacker could use to execute arbitrary commands. 

For example, consider the following .git/config file:

[core]
    fsmonitor = "id > /tmp/pwned"

Any tool that runs a command like git status on this repository would unknowingly execute the attacker's command. A seemingly benign operation thus becomes a vector for compromise, and core.fsmonitor is just one of many settings with this property (e.g. core.pager, diff.external, diff.<driver>.textconv, etc.).

The Path to a Solution

We evaluated three primary remediation strategies. Our first thought was a denylist of dangerous configurations, but it's fundamentally brittle and requires constant maintenance. Next, we considered using an allowlist, but ran into technical challenges when attempting to neutralize all non-allowed configurations across all platforms.

This led us to the most robust solution and one that aligns perfectly with Git's own security model: perform a local git clone when dealing with untrusted .git directories.

When a user points TruffleHog’s git scanner at a local path, we now first perform a git clone of that directory into a temporary location. The git clone command is designed to create a clean repository copy, scrubbing potentially malicious hooks and configurations. The TruffleHog engine then scans this safe, temporary clone. For users who intentionally modify their local config for legitimate reasons, we added a --trust-local-git-config flag to bypass this new behavior.
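The two ideas above (a .git/config that makes git run a command, and scanning a fresh clone instead of the copied directory) as an added Python example; this is not TruffleHog's code. The config parser and the list of command-running keys are constructed for this example and deliberately incomplete, which is exactly why the post treats a denylist as a triage aid rather than a fix; clone_to_tempdir assumes a git binary on PATH, and its -c override follows Adam's suggested core.fsmonitor mitigation rather than TruffleHog's actual invocation.

```python
import re
import subprocess
import tempfile
# Constructed, deliberately incomplete list of git settings that launch a program.
COMMAND_KEYS = [r"core\.fsmonitor", r"core\.pager", r"core\.editor", r"core\.sshcommand",
                r"diff\.external", r"diff\.[^.]+\.(textconv|command)", r"gpg\.program",
                r"filter\.[^.]+\.(clean|smudge|process)", r"merge\.[^.]+\.driver"]
KEY_RE = re.compile("^(%s)$" % "|".join(COMMAND_KEYS))

def parse_git_config(text):
    """Minimal parser for git's INI-style config: {"section.sub.key": value}."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r'^\[([^\s"\]]+)(?:\s+"([^"]*)")?\]$', line)
        if header:  # section names are case-insensitive, subsection names are not
            section = header.group(1).lower() + ("." + header.group(2) if header.group(2) else "")
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        entries[section + "." + key.lower()] = value.strip('"')
    return entries

def suspicious_keys(config_text):
    """Entries that would make git run an external command, including '!' shell aliases."""
    hits = []
    for key, value in parse_git_config(config_text).items():
        if KEY_RE.match(key) or (key.startswith("alias.") and value.startswith("!")):
            hits.append((key, value))
    return hits

def clone_to_tempdir(untrusted_path):
    """The post's remediation: do not run git inside the copied directory; clone it into
    a fresh temp dir and scan that. The -c override applies Adam's core.fsmonitor advice."""
    dest = tempfile.mkdtemp(prefix="trusted-clone-")
    subprocess.run(["git", "-c", "core.fsmonitor=", "clone", "--quiet", untrusted_path, dest],
                   check=True)
    return dest
# Constructed sample: the post's .git/config plus two more command-running entries.
SAMPLE_CONFIG = """[core]
    fsmonitor = "id > /tmp/pwned"
[diff "secrets"]
    textconv = /tmp/untrusted-textconv.sh
[alias]
    st = status
    hi = !echo hello
"""
```

Running suspicious_keys over an untrusted repo's .git/config before it is ever touched by git gives an incident responder a quick indication that the copy was crafted, while the clone step is what actually keeps the scanner safe.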

A More Secure Scanner for Everyone

By adopting the local clone approach, we've hardened TruffleHog against an entire class of vulnerabilities. Since all versions of TruffleHog v3 prior to our latest release are affected, we strongly urge all users to update. The easiest way to get the patch is to simply run trufflehog without the --no-update flag, which will automatically download the latest version. For TruffleHog Enterprise users, TruffleHog Enterprise Version v1.97.13 has the latest update.

We sincerely thank Adam Reiser and the Cisco Talos team for their responsible disclosure and collaboration. This process is a testament to the power of the open-source community in making software safer for everyone.


