CVE-2025-3124
published 2025-04-17


Priority: P4 24, medium
CVSS 3.1 base score: 4.3 (AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N)
EPSS: 0.41% (32.6th percentile)
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.

Affected

9 ranges

Vendor   Product             Version range        Fixed in
github   enterprise_server   < 3.13.14            3.13.14
github   enterprise_server   3.13.0 – 3.13.13
github   enterprise_server   >= 3.14.0 < 3.14.11  3.14.11
github   enterprise_server   3.14.0 – 3.14.10
github   enterprise_server   >= 3.15.0 < 3.15.6   3.15.6
github   enterprise_server   3.15.0 – 3.15.5
github   enterprise_server   >= 3.16.0 < 3.16.2   3.16.2
github   enterprise_server   3.16.0 – 3.16.1
msrc     microsoft_edge

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.1      4.3     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd           v4.0      5.3     MEDIUM     CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc             10.0    CRITICAL