CVE-2025-3124
Published 2025-04-17
Priority P4 · 24 · medium · 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.41% (32.6th percentile)
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github | enterprise_server | < 3.13.14 | 3.13.14 |
| github | enterprise_server | 3.13.0 – 3.13.13 | — |
| github | enterprise_server | >= 3.14.0 < 3.14.11 | 3.14.11 |
| github | enterprise_server | 3.14.0 – 3.14.10 | — |
| github | enterprise_server | >= 3.15.0 < 3.15.6 | 3.15.6 |
| github | enterprise_server | 3.15.0 – 3.15.5 | — |
| github | enterprise_server | >= 3.16.0 < 3.16.2 | 3.16.2 |
| github | enterprise_server | 3.16.0 – 3.16.1 | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_msrc | — | 10.0 | CRITICAL | — |
GHSA
GHSA-fvw7-7rxq-453v
ghsa_unreviewed · 2025-04-18
CVE-2025-3124 [MEDIUM] CWE-862
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
Microsoft
Chromium: CVE-2025-2135 Type Confusion in V8
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-2135 [HIGH]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.62 | 3/12/2025 | 134.0.6998.89 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your M
Microsoft
Chromium: CVE-2025-2136 Use after free in Inspector
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-2136 [HIGH]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.62 | 3/12/2025 | 134.0.6998.89 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Chromium: CVE-2025-1920 Type Confusion in V8
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1920 [HIGH]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.62 | 3/12/2025 | 134.0.6998.89 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your M
Microsoft
Chromium: CVE-2025-24201 Out of bounds write in GPU on Mac
vendor_msrc·2025-03-11·CVSS 10.0
CVE-2025-24201 [CRITICAL]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.62 | 3/12/2025 | 134.0.6998.89 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edg
Microsoft
Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows
vendor_msrc·2025-03-11·CVSS 8.3
CVE-2025-2783 [HIGH]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.93 | 3/26/2025 | 134.0.6998.177/.178 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulner
Microsoft
Chromium: CVE-2025-2137 Out of bounds read in V8
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-2137 [HIGH]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.62 | 3/12/2025 | 134.0.6998.89 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In yo
Microsoft
Chromium: CVE-2025-2476 Use after free in Lens
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-2476 [HIGH]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 134.0.3124.83 | 3/21/2025 | 134.0.6998.117/.118 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-17