CVE-2025-6600: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in GitHub GitHub Enterprise Server
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.
AI Analysis
Technical Summary
CVE-2025-6600 is a medium-severity vulnerability affecting GitHub Enterprise Server version 3.17.0. The issue involves the exposure of sensitive information, specifically the names of private repositories within an organization. The vulnerability arises from improper access control in the Search API endpoint, which can be exploited by an attacker possessing a user-to-server token with no scopes. However, exploitation requires an organization administrator to have installed a malicious GitHub App in the organization's repositories, which acts as a prerequisite for the attack. Once these conditions are met, the attacker can leverage the Search API to disclose private repository names, violating confidentiality. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It was responsibly disclosed through the GitHub Bug Bounty program and addressed in GitHub Enterprise Server version 3.17.2. The CVSS v4.0 base score is 6.3, reflecting a medium severity with network attack vector, low complexity, no privileges required, no user interaction, and low impact on confidentiality only. There are no known exploits in the wild at the time of publication.
Potential Impact
For European organizations using GitHub Enterprise Server 3.17.0, this vulnerability poses a risk to the confidentiality of private repository metadata. Disclosure of private repository names could aid attackers in reconnaissance activities, potentially leading to targeted attacks or social engineering campaigns. Although the vulnerability does not directly expose repository contents or allow code execution, the leakage of repository names can reveal sensitive project information, intellectual property interests, or strategic initiatives. This could impact organizations in sectors such as finance, technology, defense, and critical infrastructure, where confidentiality of development projects is paramount. Additionally, the prerequisite of installing a malicious GitHub App means that insider threats or compromised administrators could facilitate exploitation, increasing risk in environments with less stringent app vetting processes. The absence of known exploits reduces immediate risk, but organizations should act promptly to mitigate potential future attacks.
Mitigation Recommendations
European organizations should upgrade GitHub Enterprise Server instances from version 3.17.0 to 3.17.2 or later, where the vulnerability is patched. Administrators must enforce strict controls and vetting procedures for GitHub App installation, limiting installation rights to trusted personnel only. Implement monitoring and auditing of GitHub App installations and API usage to detect anomalous behavior indicative of exploitation attempts. Apply the principle of least privilege to tokens and API access, ensuring tokens carry minimal scopes and are rotated regularly. Additionally, organizations should conduct internal security awareness training for administrators about the risks of installing untrusted applications. Network-level controls can restrict access to the GitHub Enterprise Server API endpoints to authorized IP ranges. Finally, maintain an incident response plan that includes procedures for handling suspected compromise of GitHub environments.
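As an added example (not the advisory's or GitHub's own code), a defender-side script that decides whether a GHES build falls in the affected 3.17 range below the 3.17.2 fix, and turns an organization's installed-app inventory into rows for the app-vetting step above. It assumes the inventory has the shape of GitHub's GET /orgs/{org}/installations response (app_slug, repository_selection, permissions, created_at) and the installed version comes from the GHES /api/v3/meta "installed_version" field; the sample payloads are constructed so it runs offline.

```python
"""Defender-side checks for CVE-2025-6600 (added example, not the advisory's or
GitHub's own code). The affected range is taken from the advisory: the 3.17
line below the 3.17.2 fix. The installations payload mirrors the shape of
GitHub's GET /orgs/{org}/installations response (assumed from the REST docs)."""

AFFECTED_LINE = (3, 17)  # only the 3.17 line was affected
FIXED_PATCH = 2          # addressed in 3.17.2


def parse_version(text):
    """'3.17.0' -> (3, 17, 0); drops a '-rc1' style suffix, pads to 3 parts."""
    parts = [int(p) for p in text.split("-")[0].split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(installed_version):
    """True for 3.17.0 and 3.17.1; 3.17.2+ and other release lines are not."""
    major, minor, patch = parse_version(installed_version)
    return (major, minor) == AFFECTED_LINE and patch < FIXED_PATCH


def summarize_installations(payload):
    """Rows for the app-vetting step: each installed app, its repository scope
    and granted permission keys. Apps installed on 'all' repositories are
    flagged, since the advisory's precondition is an app installed in the
    organization's repositories."""
    rows = []
    for inst in payload.get("installations", []):
        selection = inst.get("repository_selection")
        rows.append({
            "app": inst.get("app_slug"),
            "repos": selection,
            "permissions": sorted(inst.get("permissions", {})),
            "installed": inst.get("created_at"),
            "review": selection == "all",
        })
    return rows


if __name__ == "__main__":
    # Constructed sample data (not real API responses) so this runs offline.
    meta = {"installed_version": "3.17.0"}
    apps = {"installations": [
        {"app_slug": "ci-runner", "repository_selection": "selected",
         "permissions": {"contents": "read"}, "created_at": "2025-06-01T00:00:00Z"},
        {"app_slug": "unknown-helper", "repository_selection": "all",
         "permissions": {"metadata": "read"}, "created_at": "2025-06-30T12:00:00Z"}]}
    print("affected build:", is_affected(meta["installed_version"]))
    for row in summarize_installations(apps):
        print(row)
```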
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_P
- Date Reserved: 2025-06-25T02:29:00.545Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 686432966f40f0eb72905816
Added to database: 7/1/2025, 7:10:14 PM
Last enriched: 7/1/2025, 7:24:33 PM
Last updated: 7/1/2025, 10:01:48 PM