Vulnerability in GitHub Enterprise Server
CVE-2025-11578
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By cra…
EPSS: 0.006 (43.5th percentile).
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- GitHub Enterprise Server: versions 3.14, 3.15, 3.16
Weakness classification (CWE)
References
- product-cna@github.com (Release Notes, Vendor Advisory)
Frequently asked questions
- What is CVE-2025-11578?
- CVE-2025-11578 is a high-severity vulnerability in GitHub Enterprise Server, classified under Improper Link Resolution Before File Access. CVSS score: 7.2/10. Published 2025-11-10.
- How severe is CVE-2025-11578?
- High severity. CVSS v3 base score is 7.2 out of 10.