GitHub Enterprise Server Multiple Vulnerabilities

Release Date: 12 Nov 2025

RISK: High Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitHub Enterprise Server. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and cross-site scripting on the targeted system.

 

Note:

Proof of Concept exploit code Is publicly available for CVE-2025-49844. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. Hence, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution
• Elevation of Privilege
• Cross-Site Scripting

---

System / Technologies affected

• GitHub Enterprise Server versions prior to 3.18.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• Update to GitHub Enterprise Server versions 3.18.1

---

Vulnerability Identifier

• CVE-2025-11892
• CVE-2025-49844

---

Source

• GitHub

---

Related Link

• https://docs.github.com/en/enterprise-server@3.18/admin/release-notes