PT-2025-46217 · Github · Github Enterprise Server
Inspector-Ambitious · Published 2025-11-10 · Updated 2025-12-08
CVE-2025-11578
CVSS v4.0 7.5 High
| Vector | AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.19
GitHub Enterprise Server versions 3.14.19
GitHub Enterprise Server versions 3.15.14
GitHub Enterprise Server versions 3.16.10
GitHub Enterprise Server versions 3.17.7
GitHub Enterprise Server versions 3.18.1
Description
A privilege escalation issue exists in GitHub Enterprise Server. An authenticated Enterprise admin could obtain root SSH access to the appliance by exploiting a symlink escape within pre-receive hook environments. An attacker could create a malicious repository and environment to replace system binaries during hook cleanup. This allows execution of a payload that adds the attacker’s SSH key to the root user’s authorized keys, granting root SSH access. Exploitation requires enterprise admin privileges.
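The bug class named in the description (a symlink escape during hook-environment cleanup), shown as an added Python example that is not GitHub's code and does not model the real GHES hook environment: a cleanup that follows symlinks reaches files outside the environment, while a cleanup that works through directory file descriptors opened with O_NOFOLLOW removes only the link itself. The hook-env layout and file names are constructed for the demo.

```python
import os
import tempfile

NOFOLLOW_DIR = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def naive_cleanup(root: str) -> None:
    """Vulnerable pattern: walks the environment following symlinks, so a
    link planted inside it redirects the deletes to the link's target."""
    for dirpath, dirnames, filenames in os.walk(root, topdown=False, followlinks=True):
        for f in filenames:
            os.unlink(os.path.join(dirpath, f))      # may be a file outside root
        for d in dirnames:
            p = os.path.join(dirpath, d)
            os.unlink(p) if os.path.islink(p) else os.rmdir(p)
    os.rmdir(root)

def _empty_dir(dir_fd: int) -> None:
    # Every operation is relative to an fd we opened without following links,
    # so a directory swapped for a symlink mid-cleanup fails with ELOOP
    # instead of being traversed (this closes the check-then-act race).
    with os.scandir(dir_fd) as it:
        entries = list(it)
    for entry in entries:
        if entry.is_dir(follow_symlinks=False):
            sub = os.open(entry.name, NOFOLLOW_DIR, dir_fd=dir_fd)
            try:
                _empty_dir(sub)
            finally:
                os.close(sub)
            os.rmdir(entry.name, dir_fd=dir_fd)
        else:
            os.unlink(entry.name, dir_fd=dir_fd)     # removes a link, never its target

def safe_cleanup(root: str) -> None:
    """Hardened pattern: refuses a symlinked root and never follows links."""
    fd = os.open(root, NOFOLLOW_DIR)                 # raises ELOOP if root is a link
    try:
        _empty_dir(fd)
    finally:
        os.close(fd)
    os.rmdir(root)

def outside_file_survives(cleanup) -> bool:
    """Constructed hook env containing a symlink that points outside it;
    returns True if the file outside is still there after cleanup."""
    base = tempfile.mkdtemp()
    outside = os.path.join(base, "outside"); os.mkdir(outside)
    victim = os.path.join(outside, "system-binary")   # stand-in for a system file
    with open(victim, "w") as f:
        f.write("original")
    env = os.path.join(base, "hook-env"); os.mkdir(env)
    os.symlink(outside, os.path.join(env, "escape"))  # the planted link
    cleanup(env)
    return os.path.exists(victim)
```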
Recommendations
Update to GitHub Enterprise Server version 3.14.19
Update to GitHub Enterprise Server version 3.15.14
Update to GitHub Enterprise Server version 3.16.10
Update to GitHub Enterprise Server version 3.17.7
Update to GitHub Enterprise Server version 3.18.1
Update to GitHub Enterprise Server version 3.19 or later
Fix
LPE
Link Following
Affected Products
Github Enterprise Server