Improper Access Control in GitHub Enterprise Server
CVE-2025-8447

7 HIGH

Key Information:

Vendor: GitHub

CVE Published: 26 August 2025

What is CVE-2025-8447?

An improper access control vulnerability in GitHub Enterprise Server allows unauthorized users with access to any repository to retrieve limited code content from another repository by leveraging the compare/diff functionality. To exploit this flaw, an attacker must know the name of a private repository along with specific branches, tags, or commit SHAs. The flaw affects all versions of GitHub Enterprise Server before 3.18 and has been fixed in versions 3.14.17, 3.15.12, 3.16.8, and 3.17.5. Continuous vigilance and timely updates are crucial to safeguarding repository integrity.

Affected Version(s)

Enterprise Server 3.14 <= 3.14.16

Enterprise Server 3.15 <= 3.15.11

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

furbreeze