An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3
History

Wed, 27 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 16 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00039}


Tue, 15 Jul 2025 21:00:00 +0000

Type Values Removed Values Added
Description An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3
Title Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published:

Updated: 2025-07-16T19:04:18.464Z

Reserved: 2025-07-01T18:28:24.614Z

Link: CVE-2025-6981

cve-icon Vulnrichment

Updated: 2025-07-16T19:04:13.924Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-15T21:15:34.630

Modified: 2025-08-27T14:41:04.110

Link: CVE-2025-6981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-16T21:35:28Z