A vulnerability was found in dedupeio dedupe. It has been declared as critical. Affected by this vulnerability is the function
issue_comment
of the file github/workflows/benchmark-bot.yml. The manipulation leads to os command injection.
This vulnerability is known as CVE-2025-54430. The attack can be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.