CVE-2025-52569
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-25

Last updated on: 2025-06-26

Assigner: GitHub, Inc.

Description
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-25
Last Modified
2025-06-26
Generated
2026-05-07
AI Q&A
2025-06-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52569
EUVD
EUVD-2025-19117
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in GitHub.jl versions prior to 5.9.1, where the GitHub.repo() function does not validate or safely encode the user-provided repo_name input. This allows an attacker to include path traversal sequences like '../' in the repo_name, enabling unauthorized access to unintended endpoints on the api.github.com server. Essentially, improper input validation leads to potential URL manipulation and access to restricted API endpoints. [1]


How can this vulnerability impact me? :

The vulnerability can allow an attacker to access API endpoints on api.github.com that were not intended to be accessible through the GitHub.jl interface. This unauthorized access could lead to exposure of sensitive information or unintended interactions with the GitHub API, potentially compromising data integrity or confidentiality. Users of affected versions should upgrade immediately to mitigate these risks. [1]


What immediate steps should I take to mitigate this vulnerability?

Upgrade GitHub.jl to version 5.9.1 or later immediately, as this version includes fixes that validate and sanitize user inputs to prevent path traversal attacks. No workarounds are available, so upgrading is the only effective mitigation. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart