Security updates: Unauthorized access to GitHub Enterprise Server possible
A security vulnerability threatens GitHub Enterprise Server. Admins should install the patched version as soon as possible.
Under certain conditions, attackers can target GitHub Enterprise Server and access information in repositories that should be off-limits to them. Patched versions are available for download.
Install a security patch
An entry on the vulnerability (CVE-2025-8447, severity "high") shows that the developers have fixed the issue in GitHub Enterprise Server 3.14.17, 3.15.12, 3.16.8 and 3.17.5. According to the description, attackers need to know certain information from private repositories, such as branches or tags, in order to exploit the vulnerability. If they do, they can use the compare/diff function to bypass authentication and view code in the respective repository.
So far, there are no reports of ongoing attacks. It also remains unclear how to recognize instances that have already been attacked. Admins should ensure that their GitHub servers are up to date.
(des)
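For admins with several instances, a version triage against the fixed releases named above can look like this. It is an added example, not code from GitHub or heise; the host names and inventory are constructed, the function names are hypothetical, and release lines the article does not mention are reported as unknown rather than guessed.

```shell
#!/bin/sh
# Fixed patch level per release line, as named in the article for CVE-2025-8447.
fixed_patch_for() {
    case "$1" in
        3.14) echo 17 ;;
        3.15) echo 12 ;;
        3.16) echo 8 ;;
        3.17) echo 5 ;;
    esac   # any other line: print nothing, the article gives no fixed release
}

# Classify one version string: patched, needs-update, unknown or invalid.
ghes_status() {
    ver=$1
    # Accept only digits and dots, with no empty components.
    case "$ver" in
        *[!0-9.]*|''|.*|*.|*..*) echo invalid; return ;;
    esac
    IFS=. read -r major minor patch extra <<EOF
$ver
EOF
    # Require exactly MAJOR.MINOR.PATCH.
    [ -n "$patch" ] && [ -z "$extra" ] || { echo invalid; return; }
    fixed=$(fixed_patch_for "$major.$minor")
    if [ -z "$fixed" ]; then
        echo unknown        # check the vendor advisory for this release line
    elif [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo needs-update   # below the fixed release of its line
    fi
}

# Read "host version" lines on stdin and print "host version status".
triage_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(ghes_status "$ver")"
    done
}

# Constructed inventory; hosts and versions are made up for the example.
sample_inventory() {
    cat <<'EOF'
ghes-prod.example.internal 3.16.7
ghes-stage.example.internal 3.17.5
ghes-lab.example.internal 3.13.2
EOF
}

sample_inventory | triage_inventory
```

Replace the sample inventory with the versions collected from your own instances; anything reported as `unknown` needs a manual check against the vendor's advisory.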