CVE-2025-23369
Published: 21 January 2025
Summary
CVE-2025-23369 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Github Enterprise Server. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 6.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Deeper analysis
An improper verification of cryptographic signature vulnerability, tracked as CVE-2025-23369 and assigned CWE-347, was identified in GitHub Enterprise Server. The flaw permitted signature spoofing by unauthorized internal users and affected all versions prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. Instances that did not use SAML single sign-on, or where the attacker was not already an existing user, were not impacted. The issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 score of 7.6.
The vulnerability could be exploited over the network by an authenticated user with low privileges in a SAML SSO environment. Successful exploitation enabled spoofing of cryptographic signatures, resulting in high impact to confidentiality and integrity along with limited impact to availability.
Release notes for the fixed versions document that administrators should upgrade GitHub Enterprise Server to 3.12.14, 3.13.10, 3.14.7, 3.15.2, or 3.16.0 to address the issue. The associated EPSS score reached a peak of 0.1239 with a current value of 0.1178.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3159
Vulnerability details
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted.…
more
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper signature verification in SAML SSO context enables signature spoofing by low-priv users, directly facilitating privilege escalation (T1068) and forging of accepted SAML tokens (T1606.002).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of flaws like the improper cryptographic signature verification in GitHub Enterprise Server via patching to vulnerable versions.
Mandates software integrity verification using cryptographic signatures and monitoring for unauthorized changes, directly addressing the signature spoofing vulnerability.
Implements cryptographic mechanisms to protect information integrity, ensuring proper signature verification to prevent spoofing exploited in SAML SSO contexts.