ghsa-mxr3-8whj-j74r
Vulnerability from github
Summary
Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction.
For an attacker to bypass this control, they would first need the ability to run their malicious code (e.g., by a supply chain attack similar to tj-actions or exploiting a Pwn Request vulnerability)) on the runner. This vulnerability has been fixed in Harden-Runner version v2.12.0.
Impact
An attacker with the ability to run their malicious code on a runner configured with disable-sudo: true can escalate privileges to root using Docker, defeating the intended security control.
Affected Configuration
• Harden-Runner configurations that use disable-sudo: true on GitHub-hosted runners or on ephemeral self-hosted VM-based runners.
• This issue does not apply to Kubernetes-based Actions Runner Controller (ARC) Harden-Runner.
Mitigation / Fix
This vulnerability has been fixed in Harden-Runner version v2.12.0. Users should migrate to the stronger disable-sudo-and-containers policy. This setting:
• Disables sudo access,
• Removes access to dockerd and containerd sockets,
• Uninstalls Docker from the runner entirely, preventing container-based privilege escalation paths.
Additional Improvements
• The disable-sudo option will be deprecated in the future, as it does not sufficiently restrict privilege escalation on its own.
• Harden-Runner now includes detections to alert on attempts to evade the disable-sudo policy.
Credits
Reported by @loresuso and @darryk10. We would like to thank them for collaborating with us to mitigate the vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "GitHub Actions",
"name": "step-security/harden-runner"
},
"ranges": [
{
"events": [
{
"introduced": "0.12.0"
},
{
"fixed": "2.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32955"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-268",
"CWE-272"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-22T01:07:03Z",
"nvd_published_at": "2025-04-21T21:15:20Z",
"severity": "MODERATE"
},
"details": "### Summary\nHarden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. \n\nFor an attacker to bypass this control, they would first need the ability to run their malicious code (e.g., by a supply chain attack similar to tj-actions or exploiting a Pwn Request vulnerability)) on the runner. This vulnerability has been fixed in Harden-Runner version `v2.12.0`.\n\n### Impact\nAn attacker with the ability to run their malicious code on a runner configured with `disable-sudo: true` can escalate privileges to root using Docker, defeating the intended security control.\n\n### Affected Configuration\n\u2022\tHarden-Runner configurations that use `disable-sudo: true` on GitHub-hosted runners or on ephemeral self-hosted VM-based runners.\n\u2022\tThis issue does not apply to Kubernetes-based Actions Runner Controller (ARC) Harden-Runner.\n\n### Mitigation / Fix\nThis vulnerability has been fixed in Harden-Runner version `v2.12.0`. Users should migrate to the stronger `disable-sudo-and-containers` policy. This setting:\n\u2022\tDisables sudo access,\n\u2022\tRemoves access to dockerd and containerd sockets,\n\u2022\tUninstalls Docker from the runner entirely, preventing container-based privilege escalation paths.\n\n\n### Additional Improvements\n\u2022\tThe `disable-sudo` option will be deprecated in the future, as it does not sufficiently restrict privilege escalation on its own. \n\u2022\tHarden-Runner now includes detections to alert on attempts to evade the `disable-sudo` policy.\n\n\n### Credits\nReported by @loresuso and @darryk10. We would like to thank them for collaborating with us to mitigate the vulnerability.",
"id": "GHSA-mxr3-8whj-j74r",
"modified": "2025-04-22T01:07:03Z",
"published": "2025-04-22T01:07:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-mxr3-8whj-j74r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32955"
},
{
"type": "WEB",
"url": "https://github.com/step-security/harden-runner/commit/0634a2670c59f64b4a01f0f96f84700a4088b9f0"
},
{
"type": "PACKAGE",
"url": "https://github.com/step-security/harden-runner"
},
{
"type": "WEB",
"url": "https://github.com/step-security/harden-runner/releases/tag/v2.12.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Harden-Runner allows evasion of \u0027disable-sudo\u0027 policy"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.