CVE-2025-11578: 
GitHub Enterprise Server vulnerability analysis and mitigation

A privilege escalation vulnerability was identified in GitHub Enterprise Server (CVE-2025-11578) that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. The vulnerability was discovered through the GitHub Bug Bounty program and affected all versions of GitHub Enterprise Server prior to 3.19 (NVD).

The vulnerability involves a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user's authorized keys. This grants the attacker root SSH access to the server. The vulnerability has been assigned CWE-59 (Improper Link Resolution Before File Access) and requires enterprise admin privileges to exploit (NVD).

If exploited, this vulnerability allows an authenticated Enterprise admin to escalate their privileges and gain root SSH access to the GitHub Enterprise Server appliance. This level of access would give the attacker complete control over the server and its data (NVD).

The vulnerability has been fixed in GitHub Enterprise Server versions 3.14.19, 3.15.14, 3.16.10, 3.17.7 and 3.18.1. Administrators should upgrade their installations to one of these patched versions to mitigate the vulnerability (GitHub Release Notes, GitHub Release Notes, GitHub Release Notes, GitHub Release Notes, GitHub Release Notes).