CVE-2025-3509

Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation

Severity Score

7.1

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically allocated ports that become temporarily available, such as during a hot patch upgrade. This means the vulnerability is only exploitable during specific operational conditions, which limits the attack window. Exploitation required either site administrator permissions to enable and configure pre-receive hooks or a user with permissions to modify repositories containing pre-receive hooks where this functionality was already enabled. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.16.2, 3.15.6, 3.14.11, 3.13.14. This vulnerability was reported via the GitHub Bug Bounty program.

*Credits: R31n

CVSS Scores

GitHubv4 7.1

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

High

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

Low

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-10 CVE Reserved
2025-04-17 CVE Published
2025-04-17 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

CAPEC-137: Parameter Injection

References (4)

URL	Tag	Source
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.14	Release Notes
https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.11	Release Notes
https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.6	Release Notes
https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.2	Release Notes

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
GitHub Search vendor "GitHub"		Enterprise Server Search vendor "GitHub" for product "Enterprise Server"				>= 3.13.0 <= 3.13.13 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.13.0 <= 3.13.13"		en		Affected
GitHub Search vendor "GitHub"		Enterprise Server Search vendor "GitHub" for product "Enterprise Server"				>= 3.14.0 <= 3.14.10 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.14.0 <= 3.14.10"		en		Affected
GitHub Search vendor "GitHub"		Enterprise Server Search vendor "GitHub" for product "Enterprise Server"				>= 3.15.0 <= 3.15.5 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.15.0 <= 3.15.5"		en		Affected
GitHub Search vendor "GitHub"		Enterprise Server Search vendor "GitHub" for product "Enterprise Server"				>= 3.16.0 <= 3.16.1 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.16.0 <= 3.16.1"		en		Affected