Changes since Git for Windows v2.53.0 (February 2nd 2026)
This is a security fix release, addressing CVE-2025-66413.
- CVE-2025-66413, Git for Windows: When a user clones a repository from an attacker-controlled server, Git may attempt NTLM authentication and disclose the user's NTLMv2 hash to the remote server. Since NTLM hashing is weak, the captured hash can potentially be brute-forced to recover the user's credentials. This is addressed by disabling NTLM authentication by default.
| Filename | SHA-256 |
|---|---|
| Git-2.53.0.2-64-bit.exe | 194362cf24cd0db4b573096108460a34c7f80a20c5f2aa60d06ef817be9f73a1 |
| Git-2.53.0.2-arm64.exe | 07f74afb072a95993d58fbcc3979f7e53ce0cfc10d574f484766c54f73e21d1b |
| PortableGit-2.53.0.2-64-bit.7z.exe | 5f4f76c7d5036ea3b29fbadedcc510733b3a0ee8da57a36796e2e57a466be964 |
| PortableGit-2.53.0.2-arm64.7z.exe | cd4bb8b1c589051cc5873e900868a31329684ec1a50a55a639bf292c2e2d9580 |
| MinGit-2.53.0.2-64-bit.zip | d4bf83d6a860ccae9af44e508e1e00a39f09db6fa78a9ba5543b94d87ca22a29 |
| MinGit-2.53.0.2-arm64.zip | 842d50edc6bbcf39693e60a8ebb9dabb89b96b932b63aae12d218522b3e497f3 |
| MinGit-2.53.0.2-32-bit.zip | b47bf32db9de7fc9093a9590bc43a15a15b7c2a2070ba84ce0f839021ac2240a |
| MinGit-2.53.0.2-busybox-64-bit.zip | d105843eb1ce4ee543c9d30b1a028867ec662aac80a5b301058bcaa99966d4f0 |
| MinGit-2.53.0.2-busybox-32-bit.zip | 3bfa7417157c5206433abeb24797ad17f1ca1962ddbaffd867e7860920cbf63e |
| Git-2.53.0.2-64-bit.tar.bz2 | b17726d9b0041463a9e7b2bb98103cd6a18447d73b65e7b60c43e7d2fb5dea22 |
| Git-2.53.0.2-arm64.tar.bz2 | 91508bfbeb773806a1f7d9a980b04b136938fa9bbc557e1c9023f34bb54749b0 |