PT-2025-17245 · Github · Github Enterprise Server

Published

2025-04-17

·

Updated

2025-10-01

·

CVE-2025-3246

CVSS v4.0

8.6

High

Vector

AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions

GitHub Enterprise Server version 3.16.1

Description

An improper neutralization of input issue was identified in GitHub Enterprise Server, allowing cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements.

Recommendations

For version 3.16.1, update to version 3.16.2 to resolve the issue. As a temporary workaround, consider restricting the use of $$..$$ math blocks in GitHub Markdown until the update is applied.
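The workaround above, implemented as a small pre-render filter, as an added example that is not part of this advisory and not GitHub's own code. It locates $$..$$ blocks in a Markdown document (ignoring backtick code fences, where "$$" is literal text), flags blocks whose body carries HTML-like markup for manual review, and rewrites every block as a plain fenced code block so the content is displayed verbatim and never reaches the math renderer. The block syntax it assumes (a line consisting only of "$$" opens and closes a block; "$$ ... $$" on one line is a one-line block) and the sample document are assumptions of this example; the heuristic pattern is not a detection signature for CVE-2025-3246, and the only real fix is updating to 3.16.2.

```python
import re
from dataclasses import dataclass

# Assumed GitHub Markdown math syntax (an assumption of this example, not taken
# from the advisory): a line consisting only of "$$" opens a display block and
# the next such line closes it; "$$ ... $$" on a single line is a one-line block.
# "$$" inside a backtick code fence is literal text, not math.
OPEN_CLOSE_RE = re.compile(r"^\s*\$\$\s*$")
ONE_LINE_RE = re.compile(r"^\s*\$\$(.+?)\$\$\s*$")
# Heuristic only: markup that has no business inside a formula.
SUSPICIOUS_RE = re.compile(r"<\s*/?[a-zA-Z]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)
FENCE = "`" * 3


@dataclass
class _Segment:
    is_math: bool
    start: int    # 0-based index of the first source line of the segment
    end: int      # 0-based index of the last source line of the segment
    lines: list   # math body lines, or the single raw line for text


@dataclass
class MathBlock:
    start_line: int  # 1-based, inclusive
    end_line: int
    body: str


def _segments(lines):
    """Walk a document line by line, yielding text lines and $$..$$ blocks."""
    in_fence = False
    i, n = 0, len(lines)
    while i < n:
        line = lines[i]
        if line.strip().startswith(FENCE):
            in_fence = not in_fence          # entering or leaving a code fence
            yield _Segment(False, i, i, [line])
        elif in_fence:
            yield _Segment(False, i, i, [line])
        elif (m := ONE_LINE_RE.match(line)):
            yield _Segment(True, i, i, [m.group(1).strip()])
        elif OPEN_CLOSE_RE.match(line):
            j = i + 1
            while j < n and not OPEN_CLOSE_RE.match(lines[j]):
                j += 1                       # an unterminated block runs to EOF
            yield _Segment(True, i, min(j, n - 1), lines[i + 1:j])
            i = j
        else:
            yield _Segment(False, i, i, [line])
        i += 1


def find_math_blocks(markdown):
    """Return every $$..$$ block with its 1-based line span."""
    return [MathBlock(s.start + 1, s.end + 1, "\n".join(s.lines))
            for s in _segments(markdown.splitlines()) if s.is_math]


def suspicious_math_blocks(markdown):
    """Blocks whose body carries HTML-like markup; worth a manual look."""
    return [b for b in find_math_blocks(markdown) if SUSPICIOUS_RE.search(b.body)]


def neutralize_math_blocks(markdown):
    """Workaround filter: rewrite each $$..$$ block as a plain fenced code block,
    so the content is shown verbatim and never reaches the math renderer."""
    out = []
    for s in _segments(markdown.splitlines()):
        if not s.is_math:
            out.extend(s.lines)
            continue
        body = "\n".join(s.lines)
        # The fence must be longer than any backtick run inside the body.
        longest = max((len(run) for run in re.findall(r"`+", body)), default=0)
        fence = "`" * max(3, longest + 1)
        out.append(fence + "text")
        out.extend(s.lines)
        out.append(fence)
    return "\n".join(out) + "\n"


# Constructed sample document (not from the advisory): a one-line block, a
# multi-line block, a code fence that must be ignored, and a block carrying
# an HTML tag of the kind a math renderer must never emit unescaped.
SAMPLE = "\n".join([
    "# Release notes",
    "",
    "$$ E = mc^2 $$",
    "",
    "$$",
    r"\int_0^1 x^2 \, dx = \frac{1}{3}",
    "$$",
    "",
    FENCE + "text",
    "$$ inside a code fence, so not a math block $$",
    FENCE,
    "",
    "$$",
    r"\text{<img src=x onerror=alert(1)>}",
    "$$",
])

if __name__ == "__main__":
    for b in suspicious_math_blocks(SAMPLE):
        print(f"review lines {b.start_line}-{b.end_line}: {b.body}")
    print(neutralize_math_blocks(SAMPLE))
```

Run against SAMPLE, the scanner reports only the block at lines 13-15, and the neutralized output contains no $$..$$ block at all while keeping every formula (and the payload) visible as literal text. The filter belongs in front of whatever renders Markdown on the instance (for example a pre-receive hook or a wiki/README linting step) and is a stopgap for 3.16.1 only; it does not replace the upgrade to 3.16.2.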

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-05159
CVE-2025-3246

Affected Products

Github Enterprise Server