CVE-2025-6600
published 2025-07-01CVE-2025-6600: An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private…
PriorityP420medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
EPSS
0.27%
19.1th percentile
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github | enterprise_server | >= 3.17.0 < 3.17.2 | 3.17.2 |
| github | github_enterprise_server | 3.17.0 – 3.17.1 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv4.06.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mpx5-6w72-2g32: An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of pr
ghsa_unreviewed·2025-07-01
CVE-2025-6600 [MEDIUM] CWE-200 GHSA-mpx5-6w72-2g32: An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of pr
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.
Red Hat
kernel: drm/amd/display: Assign normalized_pix_clk when color depth = 14
vendor_redhat·2025-04-01·CVSS 5.5
CVE-2025-21956 [MEDIUM] kernel: drm/amd/display: Assign normalized_pix_clk when color depth = 14
kernel: drm/amd/display: Assign normalized_pix_clk when color depth = 14
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Assign normalized_pix_clk when color depth = 14
[WHY & HOW]
A warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397
calculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the
display_color_depth == COLOR_DEPTH_141414 is not handled. This is
observed in Radeon RX 6600 XT.
It is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.
Also fixes the indentation in get_norm_pix_clk.
(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Lin
No detection rules found.
No public exploits indexed.
2025-07-01
Published