CVE-2025-23369: 
GitHub Enterprise Server vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-23369) with a CVSSv4 score of 7.6 was identified in GitHub Enterprise Server that allows attackers to bypass SAML authentication. The vulnerability was discovered in early 2025 and affects instances using SAML single sign-on authentication (Security Online).

The vulnerability stems from improper verification of cryptographic signatures in GitHub Enterprise Server's SAML implementation, specifically related to quirks in the libxml2 library used for parsing SAML responses. The flaw allows attackers to manipulate XML entities and the structure of SAML responses to trick the XPath query into selecting attacker-controlled elements instead of the root element, leading to authentication bypass (Security Online).

The vulnerability enables attackers to gain unauthorized access to GitHub Enterprise accounts, potentially compromising private repositories and sensitive source code, and escalate privileges within an organization's GitHub environment. This poses a significant risk to organizations using GitHub Enterprise with SAML authentication enabled (Security Online).

GitHub has addressed the vulnerability in their latest update. Organizations using GitHub Enterprise with SAML authentication are strongly advised to review their authentication configurations and apply the available patches immediately (Security Online).

The security researcher Hakivvi shared details about the vulnerability on Twitter, stating "Just finished my writeup about CVE-2025-23369, an interesting SAML authentication bypass on GitHub Enterprise Server I reported last year." The disclosure has generated significant attention in the cybersecurity community (Security Online).