Summary: Security researcher Hakivvi has identified a significant vulnerability (CVE-2025-23369) affecting SAML authentication in GitHub Enterprise, enabling attackers to bypass security checks and gain unauthorized access. The flaw is rooted in the libxml2 library, which can be exploited to manipulate SAML responses. GitHub has released a fix, and organizations are urged to apply patches immediately to mitigate risks.
Affected: GitHub Enterprise
Key points:
- Vulnerability CVE-2025-23369 allows attackers to bypass SAML authentication in GitHub Enterprise.
- The issue originates from the libxml2 library's handling of XML entities used in SAML responses.
- Organizations should review their authentication configurations and update to the latest patched GitHub Enterprise release to secure their systems.
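Because the page attributes the flaw to how XML entities in SAML responses are handled, a defence-in-depth check that many SAML relying parties apply is to reject any response carrying a DTD or entity declaration before it reaches the XML/SAML library at all. The following is an added example written for this article, not GitHub's patch and not a description of the exact CVE-2025-23369 trigger (which the page does not give); the sample responses are constructed, and the function and exception names are illustrative.

```python
"""Pre-parse guard for a base64-encoded SAMLResponse: refuse anything that
declares a DOCTYPE or an XML entity. Added example; assumes the relying party
can run this check before handing the document to its SAML library."""
import base64
import xml.parsers.expat


class UnsafeSamlResponse(Exception):
    """Raised from inside the expat callbacks to abort parsing early."""


def inspect_saml_response(raw_b64: str) -> tuple[bool, str]:
    """Return (True, "ok") for a response with no DTD and no entity
    declarations, otherwise (False, reason) naming what was rejected."""
    xml_bytes = base64.b64decode(raw_b64)
    parser = xml.parsers.expat.ParserCreate()

    # Expat calls these before any entity could be expanded, so raising here
    # stops the parse at the first declaration.
    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeSamlResponse(f"doctype declared: {name}")

    def reject_entity(name, is_param, value, base, sys_id, pub_id, notation):
        raise UnsafeSamlResponse(f"entity declared: {name}")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    try:
        parser.Parse(xml_bytes, True)
    except UnsafeSamlResponse as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"malformed xml: {exc}"
    return True, "ok"


# Constructed samples (not real IdP output).
_NS = 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
BENIGN_B64 = base64.b64encode(
    f'<samlp:Response {_NS} ID="_1"><samlp:Status/></samlp:Response>'.encode()
).decode()
ENTITY_B64 = base64.b64encode(
    f'<!DOCTYPE r [<!ENTITY x "y">]><samlp:Response {_NS} ID="_2">&x;'
    "</samlp:Response>".encode()
).decode()

if __name__ == "__main__":
    print(inspect_saml_response(BENIGN_B64))  # (True, 'ok')
    print(inspect_saml_response(ENTITY_B64))  # (False, 'doctype declared: r')
```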