CVE-2025-11892: 
GitHub Enterprise Server vulnerability analysis and mitigation

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter (CVE-2025-11892). The vulnerability was discovered on November 10, 2025, affecting all versions of GitHub Enterprise Server prior to 3.18.1, 3.17.7, 3.16.10, 3.15.14, 3.14.19 (NVD).

The vulnerability allows an attacker to execute arbitrary code in the context of other users' browsers by supplying a malicious label value that was injected into the DOM without proper sanitization. This could be triggered when a user visits a crafted Issues search URL. The vulnerability has been assigned a CVSS 4.0 Base Score of 8.6 HIGH with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N (NVD).

Successful exploitation of this vulnerability could lead to session hijacking, account takeover, and recovery code exfiltration. The vulnerability requires an attacker to have access to the target GitHub Enterprise Server instance and to entice a user, while operating in sudo mode, to click on a crafted malicious link to perform actions that require elevated privileges (GitHub Release Notes).

GitHub has released patches for affected versions. Users should upgrade to GitHub Enterprise Server versions 3.18.1, 3.17.7, 3.16.10, 3.15.14, or 3.14.19 to address this vulnerability. Administrators should apply this update promptly to mitigate potential security risks (GitHub Release Notes).