
CVE-2025-54430: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in dedupeio dedupe

Critical
Published: Wed Jul 30 2025 (07/30/2025, 13:41:59 UTC)
Source: CVE Database V5
Vendor/Project: dedupeio
Product: dedupe

Description

dedupe is a Python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where an issue_comment can be triggered using the @benchmark body. This workflow is susceptible to exploitation as it checks out the ${{ github.event.issue.number }}, which corresponds to the branch of the PR manipulated by potentially malicious actors, and where untrusted code may be executed. Running untrusted code may lead to the exfiltration of GITHUB_TOKEN, which in this workflow has write permissions on most of the scopes - in particular the contents one - and could lead to potential repository takeover. This is fixed by commit 3f61e79.

AI-Powered Analysis

Last updated: 07/30/2025, 14:18:09 UTC

Technical Analysis

CVE-2025-54430 is a critical OS command injection vulnerability affecting the dedupe Python library, which is used for fuzzy matching, deduplication, and entity resolution on structured data. The vulnerability resides specifically in the GitHub Actions workflow file .github/workflows/benchmark-bot.yml prior to commit 3f61e79. This workflow listens for issue_comment events containing the @benchmark trigger. When triggered, it checks out a branch corresponding to the GitHub issue number (github.event.issue.number). Because this branch name is derived from user-controlled input (issue number) and is not properly sanitized, an attacker can manipulate the branch name to inject malicious OS commands. This leads to execution of arbitrary code within the GitHub Actions runner environment. The workflow uses the GITHUB_TOKEN with write permissions, including repository contents scope, which means that exploitation can result in repository takeover, code injection, and exfiltration of secrets. The vulnerability does not require authentication or user interaction beyond posting a specially crafted comment on an issue or pull request. The CVSS v3.1 score is 9.1 (critical), reflecting the high impact on confidentiality and integrity, with network attack vector, low attack complexity, and no privileges or user interaction required. The issue was fixed in commit 3f61e79 by sanitizing inputs and preventing untrusted code execution. No known exploits in the wild have been reported yet.

Potential Impact

For European organizations using the dedupe library, especially those integrating it within CI/CD pipelines on GitHub, this vulnerability poses a severe risk. Exploitation could lead to unauthorized code execution in build environments, allowing attackers to exfiltrate sensitive tokens like GITHUB_TOKEN, modify source code, inject backdoors, or take over repositories. This can compromise the integrity of software supply chains, leading to widespread downstream impacts. Organizations relying on dedupe for data processing or entity resolution may face data confidentiality breaches if attackers gain access to internal data or credentials stored in repositories. The risk is heightened for organizations with open or collaborative GitHub repositories where external contributors can comment or open issues, as this provides an attack vector. Given the critical severity and ease of exploitation, European enterprises must prioritize patching and workflow review to prevent potential supply chain attacks and intellectual property theft.

Mitigation Recommendations

1. Immediately update dedupe to a build that includes commit 3f61e79 or later, which contains the fix for this vulnerability.
2. Review and sanitize all inputs used in GitHub Actions workflows, especially those derived from user-generated content such as issue numbers or comments.
3. Limit the permissions of GITHUB_TOKEN in workflows to the minimum necessary scopes; avoid granting write access to repository contents unless absolutely required.
4. Implement branch protection rules and restrict who can create branches or trigger workflows in repositories using dedupe.
5. Monitor GitHub Actions logs for unusual activity or unexpected workflow runs triggered by issue comments.
6. Consider isolating workflows that run untrusted code in separate environments with limited access to secrets and tokens.
7. Educate developers and DevOps teams about secure GitHub Actions practices and the risks of command injection via workflow inputs.
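The pattern described in the Technical Analysis and targeted by recommendations 2 and 3 above can be checked mechanically before a workflow is merged. The script below is an added example written for this page, not code from the dedupe project: it walks a parsed GitHub Actions workflow (the dict that yaml.safe_load returns for a file under .github/workflows) and flags a job that runs on an attacker-influenced event, checks out a ref taken from that event's payload, and holds a GITHUB_TOKEN that can write repository contents; it also flags event data expanded directly inside a run: line, which is the CWE-78 form of the problem. Both sample workflows are constructed for the example and only mirror the shape the advisory describes (the benchmarks/run.py path and the env variable names are assumptions, not the real benchmark-bot.yml).

```python
"""Added example: flag the 'checkout attacker ref + writable token' workflow pattern.

Input is a workflow already parsed from YAML (the dict yaml.safe_load returns).
The two sample workflows at the bottom are constructed for this example and
are not the project's real benchmark-bot.yml.
"""
import re
from typing import Any, Dict, List, Tuple

# Events whose payload can be set by anyone allowed to comment or open a PR.
UNTRUSTED_TRIGGERS = {
    "issue_comment", "pull_request_target", "workflow_run",
    "pull_request_review", "pull_request_review_comment", "discussion_comment",
}
# Expression text that carries event-payload data; unsafe when it picks the ref to check out.
EVENT_EXPR = re.compile(r"github\.(event\.|head_ref)")
# `${{ ... }}` in a run: line is expanded before the shell sees it: a CWE-78 injection point.
RUN_INJECTION = re.compile(r"\$\{\{[^}]*github\.(event\.|head_ref)")

Finding = Tuple[str, str, str]  # (severity, location, message)


def triggers(wf: Dict[Any, Any]) -> set:
    """Event names a workflow runs on. PyYAML (YAML 1.1) loads a bare `on:` key as True."""
    on = wf.get("on", wf.get(True))
    if isinstance(on, str):
        return {on}
    if isinstance(on, (list, dict)):
        return set(on)
    return set()


def token_can_write(perms: Any) -> bool:
    """True when the effective `permissions:` lets GITHUB_TOKEN push repository contents.
    A missing block means the repository default, which can still be read/write, so it counts."""
    if perms is None or perms == "write-all":
        return True
    if perms == "read-all":
        return False
    if isinstance(perms, dict):
        return perms.get("contents") == "write"
    return False


def audit_workflow(name: str, wf: Dict[Any, Any]) -> List[Finding]:
    """Walk every job and step; return (severity, location, message) tuples."""
    findings: List[Finding] = []
    risky = triggers(wf) & UNTRUSTED_TRIGGERS
    for job_name, job in (wf.get("jobs") or {}).items():
        # Job-level permissions override the workflow-level block.
        writable = token_can_write(job.get("permissions", wf.get("permissions")))
        for idx, step in enumerate(job.get("steps") or []):
            where = f"{name}:{job_name}:step[{idx}]"
            uses = str(step.get("uses", ""))
            ref = str((step.get("with") or {}).get("ref", ""))
            run = str(step.get("run", ""))
            if risky and uses.startswith("actions/checkout") and EVENT_EXPR.search(ref):
                sev = "critical" if writable else "medium"
                findings.append((sev, where, f"checks out event-controlled ref {ref!r} on "
                                 f"{sorted(risky)}; GITHUB_TOKEN contents write={writable}"))
            if RUN_INJECTION.search(run):
                findings.append(("high", where, "event payload expanded inside run: "
                                 "(shell injection); pass it through env: instead"))
    return findings


# Constructed sample 1: no permissions block, issue_comment trigger, PR-head checkout,
# and the comment body expanded inside a shell line.
VULNERABLE = {
    "name": "benchmark-bot",
    True: {"issue_comment": {"types": ["created"]}},
    "jobs": {"bench": {
        "runs-on": "ubuntu-latest",
        "if": "contains(github.event.comment.body, '@benchmark')",
        "steps": [
            {"uses": "actions/checkout@v4",
             "with": {"ref": "refs/pull/${{ github.event.issue.number }}/head"}},
            {"run": "echo \"requested by: ${{ github.event.comment.body }}\""},
            {"run": "pip install -e . && python benchmarks/run.py"},
        ],
    }},
}

# Constructed sample 2: read-only token, base-repository checkout, event data via env:.
HARDENED = {
    "name": "benchmark-bot",
    True: {"issue_comment": {"types": ["created"]}},
    "permissions": {"contents": "read", "pull-requests": "write"},
    "jobs": {"bench": {
        "runs-on": "ubuntu-latest",
        "if": "contains(github.event.comment.body, '@benchmark')",
        "steps": [
            {"uses": "actions/checkout@v4"},  # default ref: the base repository, not the PR
            {"env": {"PR_NUMBER": "${{ github.event.issue.number }}",
                     "COMMENT": "${{ github.event.comment.body }}"},
             "run": "echo \"requested by: $COMMENT\" && python benchmarks/run.py --pr \"$PR_NUMBER\""},
        ],
    }},
}

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        for sev, where, msg in audit_workflow(label, wf) or [("ok", label, "no findings")]:
            print(f"[{sev}] {where}: {msg}")
```

A checkout of the PR head with a read-only token is still reported (as "medium") because the job still executes untrusted code; if a bot genuinely needs to build PR code, keep that job free of secrets and let a separate job with the write-capable token post the results.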


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-21T23:18:10.282Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 688a2609ad5a09ad00a65510

Added to database: 7/30/2025, 2:02:49 PM

Last enriched: 7/30/2025, 2:18:09 PM

Last updated: 7/31/2025, 8:39:13 AM

