Improper Access Control in GitHub Enterprise Server
CVE-2025-8447

7 HIGH

Key Information:

Vendor

GitHub

CVE Published:
26 August 2025

What is CVE-2025-8447?

An improper access control vulnerability in GitHub Enterprise Server allows an unauthorized user who has access to any repository to retrieve limited code content from another repository. The flaw is reached through the compare/diff functionality, and exploiting it requires the attacker to already know the name of the private repository together with specific branch names, tag names, or commit SHAs. It affects all versions of GitHub Enterprise Server before 3.18 and has been fixed in versions 3.14.17, 3.15.12, 3.16.8, and 3.17.5. Keeping instances patched is the primary safeguard for repository confidentiality.

Affected Version(s)

Enterprise Server 3.14 <= 3.14.16

Enterprise Server 3.15 <= 3.15.11

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Credit

furbreeze