CVE-2025-6981 – GitHub Enterprise Server Unauthorized Read Access Vulnerability

CVE ID : CVE-2025-6981

Published : July 15, 2025, 9:15 p.m. | 1 hour, 18 minutes ago

Description : An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…