QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-23369

Back to search

CVE-2025-23369

Published: Jan 21, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.

VendorProductVersions

GitHub

Enterprise Server

affected
3.12.0 - <= 3.12.13
affected
3.13.0 - <= 3.13.9
affected
3.14.0 - <= 3.14.6
affected
3.15.0 - <= 3.15.1
unaffected
3.16.0

Weaknesses (CWE)

CWE-347

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now