A significant vulnerability in GitHub’s CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories. 

The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts that created a small but exploitable window of opportunity.

The vulnerability was discovered in January 2025 by a security researcher from Praetorian who detected a GitHub token with extensive privileges exposed in debug artifacts of the github/codeql-action repository. 

Overview of GitHub CodeQL Vulnerability 

Despite being valid for only 1.022 seconds, the researcher demonstrated that this narrow timeframe could be exploited through a race condition.

Using a custom-built tool called “artifact_racer.py,” the researcher proved that within this brief window, an attacker could download the artifact, extract the token, and perform repository operations including creating branches, pushing files, and crucially, creating tags:

“If an attacker removed and then added a v3 tag to their malicious commit, every single repository using the default CodeQL workflow would execute their malicious code,” explained the researcher in their report.

The implications were far-reaching due to CodeQL’s widespread adoption.

When users enable CodeQL in their repository settings, GitHub creates a workflow that executes actions from the github/codeql-action repository referenced by specific tags.  Since these tags were not immutable, an attacker could replace them with references to malicious code.

The compromised token had significant privileges, including “Contents: write,” “Actions: write,” and “Packages: write,” allowing for extensive repository manipulation.

The token’s short lifespan proved insufficient as a security barrier. This attack vector presented four primary impact scenarios:

• Exfiltration of source code from private repositories using CodeQL.
• Theft of credentials stored in GitHub Actions secrets.
• Code execution on internal infrastructure running CodeQL workflows.
• Compromise of any workflow using GitHub Actions Cache within repositories that use CodeQL.

Particularly concerning was the potential for “GitHub Actions Cache Poisoning” through tools like Cacheract, which could maintain persistence even after the initial vulnerability was patched. 

The malware would predict cache entries, overwrite them with malicious actions, and gain execution capabilities within workflows using action-cache. High-profile repositories identified as potentially vulnerable included Homebrew, Angular, and Grafana.

Within three hours of the report submission on January 22, 2025, GitHub acknowledged the vulnerability, disabled the problematic workflow, and submitted a pull request to prevent debug artifact uploads. 

Two days later, they assigned CVE-2025-24362 and published an advisory stating they found no evidence of actual exploitation.

The vulnerability was fixed in CodeQL Action version 3.28.3. Security experts recommend several precautions for GitHub Actions users:

• Upload only specific files as workflow artifacts.
• Avoid uploading artifacts containing environment variables.
• Limit GITHUB_TOKEN permissions to read-only.
• Scan artifacts for secrets before uploading.

This vulnerability underscores growing concerns around supply chain attacks targeting CI/CD systems. 

Similar to the recent tj-actions/changed-files incident, it demonstrates how seemingly minor issues in development tooling can cascade into significant security risks for the broader ecosystem.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The post CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories appeared first on Cyber Security News.