AI description
CVE-2025-23369 is a vulnerability discovered in GitHub Enterprise Server. It stems from improper verification of cryptographic signatures and allows unauthorized internal users to spoof those signatures. Exploit code targeting libxml2 vulnerabilities has been developed for this CVE.
- Description
- An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.
- Source
- product-cna@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- product-cna@github.com
- CWE-347
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Threat Alert: repz ret: Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterpr CVE-2024-4985 CVE-2025-23369 Severity: 🟡 Medium Maturity: 🧨 Trending Learn more: https://t.co/XMF61zq1xZ #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
11 Feb 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-0012/CVE-2024-9474: Auth Bypass in PAN-OS Web Interface https://t.co/SgNOxX5gde 2. CVE-2025-23369: GitHub Entreprise Server SAML auth bypass https://t.co/iCGbLYz9rt 3. CVE-2022-45460: ROPing our way to RCE https://t.co/GzC2JZCb2N
@ksg93rd
11 Feb 2025
90 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23369: A Critical Cryptographic Vulnerability in GitHub Enterprise Server https://t.co/7Zwq1OGWDm #CyberSecurity #Infosec #GitHub #vulnerable #exploit #hacking #VAPT #security #IT #BusinessGrowth #business
@VAPTernInc
10 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
repz ret: Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369) https://t.co/077CbMX6IM
@buaqbot
10 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-12754 2 - CVE-2025-23369 3 - CVE-2024-46982 4 - CVE-2025-23419 5 - CVE-2025-20124 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23369: An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server .. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. PoC https://t.co/EpQsG6oath
@cyber_advising
10 Feb 2025
3416 Impressions
15 Retweets
55 Likes
21 Bookmarks
0 Replies
0 Quotes
Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369) https://t.co/VxtgWJXFn0
@Tinolle1955
9 Feb 2025
62 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369) https://t.co/H15RRnX2QD
@tbbhunter
9 Feb 2025
658 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369) https://t.co/3extQiQzOj
@cyb3rf034r3ss
9 Feb 2025
96 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
repz ret: Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369) https://t.co/GB4M3dIsTT
@akaclandestine
9 Feb 2025
891 Impressions
1 Retweet
4 Likes
4 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-23369 2 - CVE-2025-23419 3 - CVE-2025-21298 4 - CVE-2024-21413 5 - CVE-2013-2678 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub Entreprise Server SAML authentication bypass (CVE-2025-23369) exploit https://t.co/uZs0fiThry https://t.co/fDrgoEO5VS
@Mr_Dark55
9 Feb 2025
593 Impressions
1 Retweet
12 Likes
5 Bookmarks
0 Replies
0 Quotes
GitHub - hakivvi/CVE-2025-23369: GitHub Entreprise Server SAML authentication bypass (CVE-2025-23369) exploit - https://t.co/3tuTK7F2e3
@piedpiper1616
9 Feb 2025
3634 Impressions
29 Retweets
69 Likes
25 Bookmarks
0 Replies
1 Quote
CVE-2025-23369 Signature Spoofing Vulnerability in GitHub Enterprise Server https://t.co/K28VZmOypH Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
8 Feb 2025
68 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Just finished my writeup about CVE-2025-23369, an interesting SAML authentication bypass on GitHub Enterprise Server I reported last year. You can read about it here: https://t.co/Ee61EoACtE https://t.co/mYNjXhExlp
@hakivvi
8 Feb 2025
18947 Impressions
67 Retweets
345 Likes
222 Bookmarks
8 Replies
1 Quote