Unpacking CodeQLEAKED:

Praetorian Red Team Security Engineer, John Stawinski, recently discovered a vulnerability in GitHub’s CodeQL where a token was exposed for just 1.022 seconds. In that brief window, he was able to demonstrate how an attacker could push code to the CodeQL Actions GitHub repository and modify CodeQL’s trusted tags to gain access to private repositories using CodeQL.

The research highlights GitHub Actions secret exposure, race conditions, and third-party action abuse, leading to CVE-2025-24362.

While GitHub’s rapid response has fixed this vulnerability and found no examples of exploration, it’s existence underscores the importance of CI/CD security vigilance.

Register for this webinar for a comprehensive breakdown of this vulnerability, a walkthrough on how it was discovered, and a demo of how you can find similar vulnerabilities in the future.