CVE-2025-54430 | dedupeio dedupe benchmark-bot.yml issue_comment os command injection

Inserito da Angelo Barbosa | Lug 30, 2025 | CVE

A vulnerability was found in dedupeio dedupe. It has been declared as critical. Affected by this vulnerability is the function issue_comment of the file github/workflows/benchmark-bot.yml. The manipulation leads to os command injection.

This vulnerability is known as CVE-2025-54430. The attack can be launched remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-54430 | dedupeio dedupe benchmark-bot.yml issue_comment os command injection

Post correlati

CVE-2024-21625 | SideQuest Desktop Application up to 0.10.34 Custom Protocol input validation (GHSA-3v86-cf9q-x4x7)

CVE-2025-22224 | VMware Workstation out-of-bounds write

CVE-2024-23767 | HMS Anybus X-Gateway AB7832-F 3 HICP Protocol improper authentication

CVE-2024-6481 | Search & Filter Pro Plugin up to 2.5.17 on WordPress Setting cross site scripting