CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

History

05 Sep 2025, 14:59

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
First Time		Github Github enterprise Server
References	~~() https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2 -~~	() https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2 - Release Notes
CPE		cpe:2.3:a:github:enterprise_server::::::::

03 Jul 2025, 15:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-01 19:15

Updated : 2025-09-05 14:59

NVD link : CVE-2025-6600

Mitre link : CVE-2025-6600

CVE.ORG link : CVE-2025-6600

JSON object : View

Products Affected

github

enterprise_server

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-6600", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "product-cna@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-01T19:15:28.003", "references": [{"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2", "tags": ["Release Notes"], "source": "product-cna@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "product-cna@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization\u2019s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial en GitHub Enterprise Server que podr\u00eda permitir a un atacante divulgar los nombres de repositorios privados dentro de una organizaci\u00f3n. Este problema podr\u00eda explotarse mediante un token de usuario a servidor sin alcances a trav\u00e9s del endpoint de la API de b\u00fasqueda. Para explotarlo con \u00e9xito, el administrador de la organizaci\u00f3n tuvo que instalar una aplicaci\u00f3n maliciosa de GitHub en los repositorios de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 \u00fanicamente a la versi\u00f3n 3.17 de GitHub Enterprise Server y se solucion\u00f3 en la versi\u00f3n 3.17.2. La vulnerabilidad se report\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub."}], "lastModified": "2025-09-05T14:59:47.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36732E86-7360-4F74-A171-BF8FA7777D43", "versionEndExcluding": "3.17.2", "versionStartIncluding": "3.17.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-cna@github.com"}