The Sysdig Menace Analysis Group (TRT) has found CVE-2025-32955, a now-patched vulnerability in Harden-Runner, one of the well-liked GitHub Motion CI/CD safety instruments. Exploiting this vulnerability permits an attacker to bypass Harden-Runner’s disable-sudo safety mechanism, successfully evading detection inside the steady integration/steady supply (CI/CD) pipeline underneath sure circumstances. To mitigate this threat, customers are strongly suggested to replace to the newest model.
The CVE has been assigned a CVSS v3.1 base rating of 6.0.
To raised perceive the preliminary vulnerability discovery and impression of the safety vulnerability, which may have an effect on different CI/CD safety merchandise, let’s discover the Sysdig TRT’s findings.
Overview of Harden-Runner
Harden-Runner is an open supply GitHub Motion written in TypeScript that improves the safety of GitHub Motion workflows by hardening working jobs’ environments. Its purpose is to assist defenders shield these runners from untrusted workflow abuse, which is very necessary in open supply and public repositories. Harden-Runner could be very simple to make use of, which explains why it was adopted so rapidly by a large variety of public and personal repositories. A consumer can begin utilizing Harden-Runner by including an preliminary step to the job they want to shield, as proven beneath:
steps:
- makes use of: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf
with:
egress-policy: auditCode language: PHP (php)When utilizing GitHub-hosted runners, every job runs in an ephemeral digital machine (VM). The runner course of contained in the VM is liable for executing all of the steps declared within the workflow file, which permits customers to construct, check, launch, and carry out extra duties on their software program.
The group tier Harden-Runner GitHub Motion installs the step-security agent, a Go utility that gives runtime visibility. By putting in this element inside the VM processing the job’s steps, the consumer can entry all kinds of options. An important options, related for each this text and adopters of the motion, are as follows:
- Auditing or blocking community egress site visitors primarily based on IPs or DNS domains
- Disabling
sudoentry for the Linuxrunnerconsumer account contained in the protected job VM
Are your GitHub Actions safe?
The current tj-actions/changed-files compromise (CVE-2025-30066) shook the safety group, exposing the CI/CD secrets and techniques of hundreds of repositories to public logs – a discovery for which we should thank StepSecurity. The assault was found by way of the anomaly detection options offered by the Harden-Runner GitHub Motion. It is a broadly adopted safety measure used to guard in opposition to provide chain assaults.
In safety, we’re taught to query every little thing’s validity. In that spirit, let’s ask a easy query: How efficient is that this safety answer? Does it present an extra layer of safety, or is it simple for a talented attacker to bypass the safety insurance policies it’s implementing? By answering these questions and exploring the bypass we discovered, we hope to offer stronger safety measures to guard CI/CD workflows working on GitHub Actions.
CVE-2025-32955: Bypassing the disable-sudo characteristic of Harden-Runner
Because of the nature of GitHub Actions, attackers can achieve code execution inside the VMs working the roles in a large number of the way. The Sysdig TRT inspected the open-source code for the group tier StepSecurity agent, trying to audit Harden-Runner’s resilience. Specifically, we tried to grasp how the detection and prevention of connections to IPs and DNS domains had been carried out. Moreover, we needed to see how the agent disables sudo entry for the Linux runner consumer account (which is identical consumer executing the runner utility processing the steps of our job).
For the primary half, TRT noticed that IP auditing and blocking are carried out utilizing IPtables guidelines. It is a conventional technique for implementing firewall guidelines, and plenty of applied sciences leverage it. As we are able to see, there are a couple of guidelines being set right here.
Alternatively, DNS monitoring and blocking are dealt with by a customized DNS Proxy server, which is initialized within the dnsproxy.go file. The server will run in a separate goroutine, listening for incoming DNS requests. To redirect all DNS queries of processes contained in the VM, the agent stops the systemd-resolved service and rewrites the /and many others/resolv.conf file to make use of the native IP deal with for DNS decision. The unique configuration is backed as much as /tmp/resolved.conf, and the service is then restarted. Upon restart, the service picks up the brand new configuration, permitting the agent to watch any DNS queries made within the system and doubtlessly block them if configured to take action.
Lastly, concerning the implementation of the disable-sudo coverage, we are able to see that the agent limits itself to shifting the sudoers file utilized by the Linux runner consumer account to/tmp/runner. The sudoers file is learn each time sudo is executed and is used to retrieve the instructions {that a} consumer might run with elevated privileges. Within the case of GitHub-hosted runners, the Linux runner consumer account can run any command, as said within the default /and many others/sudoers.d/runner file. Transferring the file from this location means disabling sudo for this consumer.
Digging deeper into how the GitHub-hosted VM is configured, we observed that the Linux runner consumer account belongs to the docker group. Because of this it’s a root-equivalent consumer. Being a member of this group permits the consumer to speak by way of the Docker socket to the Docker daemon, a privileged course of on the host. This enables the consumer to conduct privileged actions, similar to working privileged root containers and mounting the complete host file system into the container. Disabling sudo to stop root entry turned out to be an inadequate safety measure. It have to be famous that the Linux runner consumer account have to be within the Docker group, and this can’t be modified by the consumer. It is because, amongst different issues, the actions {that a} authentic consumer might need to run may be a container.
Placing all of it collectively, to bypass disable-sudo, an attacker may simply execute the next instructions:
docker run --rm --privileged -v /:/host ubuntu bash -c "cp /host/tmp/runner /host/and many others/sudoers.d/runner"
Code language: PHP (php)After the execution of those instructions, an attacker can proceed to carry out operations as a root consumer utilizing sudo contained in the runner. This implies having the ability to run instructions with the identical stage of privilege because the agent, restoring community configurations to disable any safety mechanism in place with out being detected by Harden-Runner.
Impacts and mitigation
CVE-2025-32955 has been assigned a CVSS v3.1 base rating of 6.0.
The integrity and availability of the Harden-Runner GitHub Motion are impacted by this vulnerability:
- Integrity: By exploiting the vulnerability and gaining sudo entry inside the
runner, the attacker can modify information and community configurations to disable safety mechanisms in a managed method, thereby compromising the system’s integrity. - Availability: With sudo entry, the attacker can disrupt or intrude with safety mechanisms and monitoring processes, doubtlessly rendering them ineffective with out detection.
CVE-2025-32955 is remediated in Tougher-Runner model v2.12.0, which was launched on April 21, 2025. We strongly advise updating to this model or above to mitigate this safety threat.
Conclusion
Provide chain assaults and associated threats are a high precedence for contemporary safety groups and builders, and they’re rapidly turning into a favourite tactic for attackers. By exploiting CVE-2025-32955, an attacker may stay undetected and practically unrestricted in a workflow that makes use of Harden-Runner, one of the broadly adopted instruments in GitHub Actions CI/CD environments. By bypassing the agent’s disable-sudo safety mechanism, the attacker can escalate privileges and disable safety controls, permitting the assault to proceed undisturbed till found.
Disclosure Timeline
January 20, 2025 — The Sysdig TRT reported the safety situation to StepSecurity
January 21, 2025 — StepSecurity acknowledged the reported situation
April 21, 2025 — StepSecurity launched model v2.12.0 to repair the safety situation
April 21, 2025 — Public disclosure through GitHub Safety Advisory (GHSA)
