Cross-Site Scripting Vulnerability in GitHub Enterprise Server
CVE-2025-3246
8.6 HIGH
What is CVE-2025-3246?
A vulnerability was identified in GitHub Enterprise Server that allows cross-site scripting through improperly neutralized input. Specifically, the issue lies in the handling of $$..$$ math blocks in GitHub Markdown. Attackers with access to the server may exploit this vulnerability to execute malicious scripts, but exploitation requires privileged user interaction. The vulnerability has been resolved in version 3.16.2 following a report through the GitHub Bug Bounty program.

Affected Version(s)
GitHub Enterprise Server 3.16 <= 3.16.1
CVSS V4
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
André Storfjord Kristiansen