CVE-2025-52467
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-19

Last updated on: 2025-06-23

Assigner: GitHub, Inc.

Description
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissions for the repository, allowing an attacker to tamper with all aspects of the repository, including pushing arbitrary code and releases. This issue has been patched in commit 8eb3567.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-19
Last Modified
2025-06-23
Generated
2026-05-07
AI Q&A
2025-06-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52467
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-52467 is a critical vulnerability in the pgai Python library's GitHub Actions workflow. The workflow used the 'pull_request_target' event trigger, which runs with full repository secrets and a GITHUB_TOKEN that has write permissions. This allowed an attacker submitting a malicious pull request from a forked repository to execute untrusted code with elevated privileges, exfiltrate all secrets used in the workflow (including the GITHUB_TOKEN), and potentially tamper with the repository by pushing arbitrary code, modifying repository objects, or publishing malicious releases. [2]


How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized access to all secrets used in the workflow, such as the GITHUB_TOKEN with write permissions. An attacker could use these to tamper with the repository by pushing arbitrary code, modifying repository contents, poisoning the codebase, or publishing malicious releases on GitHub and PyPI. This poses a significant supply-chain risk and could compromise the integrity and confidentiality of your codebase and releases. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by auditing your GitHub Actions workflows, specifically checking if any workflow uses the `pull_request_target` event trigger with write permissions to repository secrets such as `GITHUB_TOKEN`. You should look for workflows that check out pull request code and run scripts with elevated permissions. Commands to detect this include using GitHub CLI or API to list workflows and their triggers, for example: `gh workflow view <workflow-name> --repo timescale/pgai` or inspecting `.github/workflows/huggingface-dataset.yml` for the `pull_request_target` event. Additionally, reviewing recent workflow runs for suspicious activity or unauthorized secret access can help detect exploitation attempts. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include changing the GitHub Actions workflow event trigger from `pull_request_target` to `pull_request` to prevent workflows from running with elevated permissions on untrusted code. Restrict the `GITHUB_TOKEN` permissions to read-only for workflows that do not require write access. Rotate any exposed secrets such as `HUGGINGFACE_HUB_TIMESCALE_TOKEN`. Review and audit all workflow executions and repository activity for signs of compromise. Apply the patch commit 8eb3567 that implements these changes. [2, 1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart