CodeQLEAKED: GitHub Supply Chain Attack Enables Code Execution via CodeQL Repositories

A recent discovery has revealed a potential supply chain attack vulnerability in GitHub’s CodeQL repositories, which could have led to wide-ranging consequences for hundreds of thousands of GitHub users.

The exploit hinges on a publicly exposed secret found in a GitHub Actions workflow artifact, which, if utilized by an attacker, could allow malicious code execution in multiple repositories.

Despite GitHub’s assertions that no compromise occurred, the severity of this vulnerability highlights the ongoing challenges in maintaining the security of continuous integration and continuous delivery (CI/CD) environments.

Background on CodeQL and GitHub Actions

CodeQL is GitHub’s powerful code analysis engine designed to identify vulnerabilities in repository code.

It has been instrumental in discovering several hundred CVEs, protecting organizations from potential breaches. However, this same critical role makes it an attractive target for attackers looking to exploit vulnerabilities.

GitHub Actions, on the other hand, is the platform’s CI/CD tool. It automates workflows for building, testing, and deploying code across repositories.

These workflows often rely on tokens like the GITHUB_TOKEN to authenticate and interact with GitHub. Tokens with high privileges pose significant risks if compromised.

The Vulnerability: “CodeQLEAKED”

In January 2025, security researchers embarked on a project to explore potential vulnerabilities in GitHub Actions workflows.

This investigation used a custom-built Actions Artifact Secrets Scanner, which downloaded and scanned GitHub Actions artifacts for exposed secrets.

The scanner uncovered a GitHub App installation token buried within an artifact from the github/codeql-action repository. This token, although valid for only a short duration, had full write permissions.

The exposed secret posed a risk because it was stored in an artifact uploaded during a workflow job using the v4 artifact upload API.

This allowed potential attackers to retrieve the artifact and extract the token before the workflow job completed. The crux of the vulnerability was the race against time: attackers had about two seconds to exploit the token before it expired.

Proving the Vulnerability

To demonstrate the exploit’s potential, researchers created a Python script named artifact_racer.py.

This tool continuously monitored the github/codeql-action repository for specific workflows, downloaded associated artifacts when detected, extracted the GITHUB_TOKEN, and used it to create a new branch and push an empty file to the branch.

The successful execution of these actions within the two-second window confirmed that an attacker could indeed exploit the vulnerability for malicious purposes.

Impact of the Vulnerability

The implications of this vulnerability are far-reaching. If an attacker could manipulate the github/codeql-action repository by adding malicious code and tags, they could compromise hundreds of thousands of repositories that enable CodeQL.

This could involve:

1. Intellectual Property Exfiltration: Repositories using default CodeQL settings would execute malicious actions allowing attackers to access sensitive code.
2. Supply Chain Attacks: By modifying tags used in CodeQL actions, attackers could inject malicious code into any dependency relying on these tags.
3. GitHub Actions Secrets Compromise: With code execution capabilities, attackers could potentially exfiltrate sensitive secrets stored in GitHub Actions workflows.

The discovery was responsibly disclosed to GitHub, which investigated and acknowledged the vulnerability as CVE-2025-24362.

Despite no reported compromises, the situation highlights the importance of vigilant monitoring and secure practices in managing CI/CD environments.

The “CodeQLEAKED” incident underscores the challenges in securing complex software ecosystems like GitHub.

It emphasizes the need for robust secret management practices, timely vulnerability disclosure, and strict monitoring of workflow artifacts to prevent similar supply chain attacks.

As code repositories increasingly depend on automation tools like GitHub Actions and analysis engines like CodeQL, ensuring their integrity is crucial for protecting intellectual property and maintaining security across digital ecosystems.

Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free.