
CVE-2025-47775: CWE-201: Insertion of Sensitive Information Into Sent Data in bullfrogsec bullfrog

Severity: Medium
Tags: Vulnerability, CVE-2025-47775, cve, cwe-201
Published: Wed May 14 2025 (05/14/2025, 15:18:37 UTC)
Source: CVE
Vendor/Project: bullfrogsec
Product: bullfrog

Description

Bullfrog is a GitHub Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using TCP breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.

AI-Powered Analysis

Last updated: 07/06/2025, 14:27:36 UTC

Technical Analysis

CVE-2025-47775 is a medium severity vulnerability in the bullfrog GitHub Action, a tool designed to block unauthorized outbound traffic in GitHub workflows. Bullfrog aims to prevent data exfiltration and sandbox escapes by restricting network communications during automated CI/CD pipeline runs.

The vulnerability affects versions prior to 0.8.4: the use of TCP connections inadvertently breaks the blocking mechanism, allowing DNS exfiltration. An attacker could therefore use TCP-based communication to bypass the intended network restrictions and send sensitive information out of the sandbox environment via DNS queries. The issue is classified under CWE-201 (insertion of sensitive information into sent data), meaning confidential data could be leaked through these unauthorized DNS requests.

The CVSS 3.1 base score is 6.2 (medium). The vector indicates a local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). In other words, an attacker with local access to the GitHub workflow environment, such as code running inside the workflow, can exploit this without authentication or user interaction, potentially exfiltrating sensitive data without altering system integrity or availability.

The issue was addressed in version 0.8.4 of bullfrog, which fixed the TCP handling to prevent this bypass. There are no known exploits in the wild at this time, but the vulnerability poses a significant risk to the confidentiality of data processed in GitHub workflows using affected versions of bullfrog.

Potential Impact

For European organizations relying on GitHub Actions for CI/CD pipelines, especially those using bullfrog to enforce network egress controls, this vulnerability presents a risk of sensitive data leakage. The ability to exfiltrate data via DNS queries can compromise intellectual property, credentials, or other confidential information processed during automated workflows. This is particularly critical for organizations in regulated industries such as finance, healthcare, and critical infrastructure, where data confidentiality is paramount. The vulnerability's exploitation does not require elevated privileges or user interaction, increasing the risk of automated or insider threats. Moreover, since GitHub workflows often handle code deployments and infrastructure automation, leaked information could facilitate further attacks or espionage. The impact is compounded by the fact that many European organizations have adopted GitHub Actions for DevOps automation, and the sandbox environment is assumed to be secure. A breach here undermines trust in the CI/CD pipeline security and could lead to compliance violations under GDPR and other data protection regulations if personal or sensitive data is exposed.

Mitigation Recommendations

European organizations should immediately verify the version of bullfrog used in their GitHub workflows and upgrade to version 0.8.4 or later, where the vulnerability is fixed. Additionally, organizations should audit their GitHub Actions workflows to identify any use of TCP connections that might bypass network restrictions. Implementing strict egress filtering at the network level, such as restricting DNS queries to known, trusted servers and monitoring DNS traffic for anomalies, can help detect or prevent exfiltration attempts. Employing secrets scanning and workflow code reviews can reduce the risk of sensitive data being embedded in workflows. Organizations should also consider isolating critical workflows or using dedicated runners with enhanced network controls. Finally, integrating runtime monitoring tools that detect unusual outbound traffic patterns during CI/CD runs can provide early warning of exploitation attempts.
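The first recommendation above is to inventory which bullfrog version each workflow pins. The following script is an added example (not from the bullfrog project or the advisory) that scans workflow text for `uses: bullfrogsec/bullfrog@<ref>` steps and classifies each reference against the fixed version 0.8.4; the sample workflow is constructed, and refs that are floating tags (e.g. `v0`) or commit SHAs are reported as `unknown` because the version cannot be determined from the ref alone.

```python
import re

# Fixed version stated in the advisory.
FIXED_VERSION = (0, 8, 4)

# Matches a workflow step such as `uses: bullfrogsec/bullfrog@v0.8.3`
# (optionally quoted, optionally followed by a YAML comment).
USES_RE = re.compile(r"uses:\s*['\"]?bullfrogsec/bullfrog@([^\s'\"#]+)")
SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_semver(ref):
    """Return (major, minor, patch) for a semver tag, or None for anything else."""
    m = SEMVER_RE.match(ref)
    return tuple(int(x) for x in m.groups()) if m else None


def assess_ref(ref):
    """Classify one action ref as 'vulnerable', 'fixed' or 'unknown'.

    'unknown' covers floating tags (v0, main) and commit SHAs, which need a
    manual lookup of the tag or commit to resolve to a release.
    """
    ver = parse_semver(ref)
    if ver is None:
        return "unknown"
    return "fixed" if ver >= FIXED_VERSION else "vulnerable"


def scan_workflow(text):
    """Return (line_no, ref, status) for every bullfrog step in a workflow file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.search(line)
        if m:
            ref = m.group(1)
            findings.append((no, ref, assess_ref(ref)))
    return findings


# Constructed sample workflow for demonstration (not a real repository file).
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: bullfrogsec/bullfrog@v0.8.3
      - uses: bullfrogsec/bullfrog@v0.8.4
      - uses: bullfrogsec/bullfrog@v0   # floating major tag
      - uses: actions/checkout@v4
"""

if __name__ == "__main__":
    for no, ref, status in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: bullfrog@{ref} -> {status}")
```

In a real repository, feed each file under `.github/workflows/` to `scan_workflow` and treat every `vulnerable` or `unknown` result as requiring an upgrade to 0.8.4 or later.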


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-09T19:49:35.619Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec948

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:27:36 PM

Last updated: 8/3/2025, 6:51:03 PM
