WEBINAR
Praetorian Staff Security Engineer John Stawinski recently discovered a vulnerability in GitHub’s CodeQL in which a token was exposed for just 1.022 seconds. In that brief window, he demonstrated how an attacker could push code to the CodeQL Actions GitHub repository and modify CodeQL’s trusted tags, gaining access to private repositories that use CodeQL.
The research highlights GitHub Actions secret exposure, race conditions, and third-party action abuse, leading to CVE-2025-24362.
While GitHub’s rapid response has fixed this vulnerability and found no evidence of exploitation, its existence underscores the importance of CI/CD security vigilance.
This webinar offers a comprehensive breakdown of this vulnerability, a walkthrough on how it was discovered, and a demo of how you can find similar vulnerabilities in the future.
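Because the attack path above depends on rewriting tags that downstream workflows trust, a practical check is to flag workflow steps that reference a third-party action by a mutable tag or branch instead of a full commit SHA. The following Python script is an added example and is not code from the webinar, from Praetorian, or from GitHub; the workflow it scans is constructed for illustration, and the action names in it are placeholders.

```python
import re

# Constructed sample workflow for the example; not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a8b8e4c36 # v5
      - uses: github/codeql-action/init@v3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: echo hello
"""

# Matches a `uses:` step and captures the reference up to whitespace, quotes, or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# A full 40-character lowercase hex commit SHA; anything shorter or symbolic is mutable.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(ref: str) -> str:
    """Classify how a `uses:` reference is pinned.

    Returns one of: 'local', 'docker', 'unpinned', 'mutable', 'sha'.
    Local paths and docker:// images are out of scope for tag rewriting in the
    action repository, so they are reported separately rather than flagged.
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "unpinned"
    _, version = ref.rsplit("@", 1)
    if SHA_RE.fullmatch(version):
        return "sha"
    # A tag (v4) or branch (main) can be moved by whoever controls the repo or its tags.
    return "mutable"


def find_mutable_refs(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line_number, reference) for every step not pinned to a commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if classify(ref) in ("mutable", "unpinned"):
            findings.append((lineno, ref))
    return findings


if __name__ == "__main__":
    for lineno, ref in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {lineno}: '{ref}' is not pinned to a commit SHA")
```

Pinning to a SHA does not protect against a compromise of the commit itself, but it removes the tag-rewrite lever: a step pinned to `@v3` follows wherever the `v3` tag is moved, while a step pinned to a 40-character SHA does not change without an edit to the workflow file.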