CVE-2025-47775

Exploit

EPSS 0.4%
Veröffentlicht 14.05.2025 15:18:37
Zuletzt bearbeitet 11.07.2025 16:15:04
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Bullfrog's DNS over TCP bypasses domain filtering

Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bullfrogsec ≫ Bullfrog Version < 0.8.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.315

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3

Vendor Advisory

Exploit

https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671

Patch

https://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-47775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47775

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-47775