What is CVE-2025-25204?

CVE-2025-25204 is a medium-severity vulnerability in Cli, classified under CWE-390. CVSS score: 6.3/10. Published 2025-02-14.

How severe is CVE-2025-25204?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Cli

CVE-2025-25204

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status w…

EPSS: 0.002 (43.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

Cli — versions >= 2.49.0, < 2.67.0

Weakness classification (CWE)

CWE-390

References

https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8 (x_refsource_CONFIRM)
https://github.com/cli/cli/issues/10418 (x_refsource_MISC)
https://github.com/cli/cli/pull/10421 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-25204?: CVE-2025-25204 is a medium-severity vulnerability in Cli, classified under CWE-390. CVSS score: 6.3/10. Published 2025-02-14.
How severe is CVE-2025-25204?: Medium severity. CVSS v3 base score is 6.3 out of 10.