216.73.217.80

CVE-2025-6981

· Published 15/07/2025 21:15 · Modified 16/07/2025 14:58

Labels: CVE-2025-6981 2025-07-15CVE-2025-6981CWE-863[email protected]

Essential information

Published
15/07/2025 21:15
Modified
16/07/2025 14:58
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
github / github enterprise server cpe:2.3:a:github:github_enterprise_server:<3.18:*:*:*:*:*:*:*
github / github enterprise server cpe:2.3:a:github:github_enterprise_server:3.14.15:*:*:*:*:*:*:*
github / github enterprise server cpe:2.3:a:github:github_enterprise_server:3.15.10:*:*:*:*:*:*:*
github / github enterprise server cpe:2.3:a:github:github_enterprise_server:3.16.6:*:*:*:*:*:*:*
github / github enterprise server cpe:2.3:a:github:github_enterprise_server:3.17.3:*:*:*:*:*:*:*

References