{"id":1065,"date":"2025-04-23T06:09:35","date_gmt":"2025-04-23T06:09:35","guid":{"rendered":"http:\/\/localhost\/?p=1065"},"modified":"2025-04-23T06:09:35","modified_gmt":"2025-04-23T06:09:35","slug":"cve-2025-32955-harden-runner-evasion-of-disable-sudo-policy","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=1065","title":{"rendered":"CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy"},"content":{"rendered":"<div class=\"vulnerability-details\">\n<h2>Vulnerability Details<\/h2>\n<div class=\"info-section\">\n<h3>Basic Information<\/h3>\n<table class=\"info-table\">\n<tr>\n<th>Title<\/th>\n<td>CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy<\/td>\n<\/tr>\n<tr>\n<th>Type<\/th>\n<td>vulnrichment<\/td>\n<\/tr>\n<tr>\n<th>Published<\/th>\n<td>2025-04-21T20:45:58<\/td>\n<\/tr>\n<tr>\n<th>Last Seen<\/th>\n<td>2025-04-22T03:25:07<\/td>\n<\/tr>\n<tr>\n<th>CVSS Score<\/th>\n<td style=\"color: #ffcc00; font-weight: bold;\">6.0 (MEDIUM)<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cvss-section\">\n<h3>CVSS v3 Details<\/h3>\n<table class=\"cvss-table\">\n<tr>\n<th>Attack Vector<\/th>\n<td>LOCAL<\/td>\n<\/tr>\n<tr>\n<th>Attack Complexity<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Privileges Required<\/th>\n<td>HIGH<\/td>\n<\/tr>\n<tr>\n<th>User Interaction<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Scope<\/th>\n<td>UNCHANGED<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td>HIGH<\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td>HIGH<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cve-section\">\n<h3>CVE Information<\/h3>\n<table class=\"cve-table\">\n<tr>\n<th>CVE IDs<\/th>\n<td>CVE-2025-32955<\/td>\n<\/tr>\n<tr>\n<th>CWE<\/th>\n<td>CWE-268, CWE-269<\/td>\n<\/tr>\n<tr>\n<th>Bulletin Family<\/th>\n<td>cve<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"description-section\">\n<h3>Description<\/h3>\n<div class=\"description-content\">\n            Harden-Runner is a CI\/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0.\n        <\/div>\n<\/p><\/div>\n<div class=\"impact-section\">\n<h3>Impact Assessment<\/h3>\n<table class=\"impact-table\">\n<tr>\n<th>Base Score<\/th>\n<td>6.0<\/td>\n<\/tr>\n<tr>\n<th>Severity<\/th>\n<td style=\"color: #ffcc00;\">MEDIUM<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"source-link\">\n<p><a href=\"https:\/\/github.com\/cisagov\/vulnrichment\/blob\/develop\/2025\/32xxx\/CVE-2025-32955.json\" target=\"_blank\">View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n<style>\n.vulnerability-details {\n    font-family: Arial, sans-serif;\n    max-width: 1200px;\n    margin: 0 auto;\n    padding: 20px;\n}<\/p>\n<p>.info-section, .cvss-section, .cve-section, .description-section, .impact-section {\n    margin-bottom: 30px;\n    background: #f8f9fa;\n    padding: 20px;\n    border-radius: 8px;\n    box-shadow: 0 2px 4px rgba(0,0,0,0.1);\n}<\/p>\n<p>h2 {\n    color: #2c3e50;\n    border-bottom: 2px solid #3498db;\n    padding-bottom: 10px;\n    margin-bottom: 20px;\n}<\/p>\n<p>h3 {\n    color: #34495e;\n    margin-bottom: 15px;\n}<\/p>\n<p>.info-table, .cvss-table, .cve-table, .impact-table {\n    width: 100%;\n    border-collapse: collapse;\n    margin-bottom: 20px;\n}<\/p>\n<p>.info-table th, .cvss-table th, .cve-table th, .impact-table th {\n    background: #e9ecef;\n    padding: 12px;\n    text-align: left;\n    width: 200px;\n}<\/p>\n<p>.info-table td, .cvss-table td, .cve-table td, .impact-table td {\n    padding: 12px;\n    border-bottom: 1px solid #dee2e6;\n}<\/p>\n<p>.description-content {\n    line-height: 1.6;\n    color: #2c3e50;\n}<\/p>\n<p>.source-link {\n    text-align: center;\n    margin-top: 30px;\n}<\/p>\n<p>.source-link a {\n    display: inline-block;\n    padding: 10px 20px;\n    background: #3498db;\n    color: white;\n    text-decoration: none;\n    border-radius: 5px;\n    transition: background 0.3s;\n}<\/p>\n<p>.source-link a:hover {\n    background: #2980b9;\n}\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Details Basic Information Title CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy Type vulnrichment Published 2025-04-21T20:45:58 Last Seen 2025-04-22T03:25:07 CVSS Score 6.0 (MEDIUM) CVSS v3 Details&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,37,12,21,13,7,11,5,27],"class_list":["post-1065","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-60","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability","tag-vulnrichment"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2025-32955 Harden-Runner Evasion of &#039;disable-sudo&#039; policy - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=1065\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2025-32955 Harden-Runner Evasion of &#039;disable-sudo&#039; policy - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Vulnerability Details Basic Information Title CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy Type vulnrichment Published 2025-04-21T20:45:58 Last Seen 2025-04-22T03:25:07 CVSS Score 6.0 (MEDIUM) CVSS v3 Details...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=1065\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-23T06:09:35+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy\",\"datePublished\":\"2025-04-23T06:09:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065\"},\"wordCount\":190,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.0\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\",\"vulnrichment\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1065#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065\",\"name\":\"CVE-2025-32955 Harden-Runner Evasion of 'disable-sudo' policy - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-04-23T06:09:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1065\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1065#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2025-32955 Harden-Runner Evasion of 'disable-sudo' policy - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=1065","og_locale":"en_US","og_type":"article","og_title":"CVE-2025-32955 Harden-Runner Evasion of 'disable-sudo' policy - zero redgem","og_description":"Vulnerability Details Basic Information Title CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy Type vulnrichment Published 2025-04-21T20:45:58 Last Seen 2025-04-22T03:25:07 CVSS Score 6.0 (MEDIUM) CVSS v3 Details...","og_url":"https:\/\/zero.redgem.net\/?p=1065","og_site_name":"zero redgem","article_published_time":"2025-04-23T06:09:35+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=1065#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=1065"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy","datePublished":"2025-04-23T06:09:35+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=1065"},"wordCount":190,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.0","exploit","MEDIUM","news","Security","tapic","Vulnerability","vulnrichment"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=1065#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=1065","url":"https:\/\/zero.redgem.net\/?p=1065","name":"CVE-2025-32955 Harden-Runner Evasion of 'disable-sudo' policy - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-04-23T06:09:35+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=1065#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=1065"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=1065#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"CVE-2025-32955 Harden-Runner Evasion of &#8216;disable-sudo&#8217; policy"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1065"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1065\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}