What is the severity of CVE-2025-23369?

CVE-2025-23369 has a medium severity level, indicating a moderate impact on security.

How do I fix CVE-2025-23369?

To fix CVE-2025-23369, update GitHub Enterprise Server to a version later than 3.15.2.

Who is affected by CVE-2025-23369?

CVE-2025-23369 affects instances of GitHub Enterprise Server versions earlier than 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0.

Does CVE-2025-23369 affect users using SAML single sign-on?

No, CVE-2025-23369 primarily affects unauthorized internal users not utilizing SAML single sign-on.

Vulnerability/
CVE-2025-23369

medium

6.1

CWE

347

EPSS

0.045%

21/1/2025

5/2/2025

CVE-2025-23369: Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation

Q: What is the nature of the vulnerability in CVE-2025-23369?

The vulnerability in CVE-2025-23369 is an improper verification of cryptographic signature that allows for signature spoofing.

First published: Tue Jan 21 2025(Updated: )

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.

Credit: product-cna@github.com

Affected Software	Affected Version	How to fix
GitHub Enterprise Server	<3.12.14
GitHub Enterprise Server	<3.13.10
GitHub Enterprise Server	<3.14.7
GitHub Enterprise Server	<3.15.2
GitHub Enterprise Server	<3.16.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-23369?
CVE-2025-23369 has a medium severity level, indicating a moderate impact on security.
How do I fix CVE-2025-23369?
To fix CVE-2025-23369, update GitHub Enterprise Server to a version later than 3.15.2.
Who is affected by CVE-2025-23369?
CVE-2025-23369 affects instances of GitHub Enterprise Server versions earlier than 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0.
What is the nature of the vulnerability in CVE-2025-23369?
The vulnerability in CVE-2025-23369 is an improper verification of cryptographic signature that allows for signature spoofing.
Does CVE-2025-23369 affect users using SAML single sign-on?
No, CVE-2025-23369 primarily affects unauthorized internal users not utilizing SAML single sign-on.

collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/title
agent/first-publish-date
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/last-modified-date
agent/event
agent/source
agent/tags
collector/epss-latest
source/FIRST
agent/epss
vendor/github
canonical/github enterprise server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.