CVE-2025-61584 in serverless-dns

Summary

by MITRE • 09/30/2025

serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through and including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the github.event.pull_request.head.repo.clone_url and github.head_ref, to a command in the runner. Due to the action using the pull_request_target trigger it has permissive permissions by default. An unauthorized attacker can exploit this vulnerability to push arbitrary data to the repository. The subsequent impact on the end-user is executing the attackers' code when running serverless-dns. This is fixed in commit c5537dd, and expected to be released in 0.1.31.


Analysis

by VulDB Data Team • 09/30/2025

The vulnerability identified as CVE-2025-61584 affects serverless-dns, a DNS resolver designed for deployment across multiple serverless platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. The issue resides in the project's GitHub Actions workflow configuration, specifically the pr.yml file, which uses the pull_request_target trigger. It stems from unsafe command interpolation: untrusted input from the github.event.pull_request.head.repo.clone_url and github.head_ref context values is placed directly into shell commands executed by the GitHub Actions runner, without sanitization or validation.

The technical flaw is a classic command injection, categorized under CWE-78, which occurs when untrusted data is inserted into a command string without appropriate escaping or filtering. The pull_request_target trigger presents a particular risk because the workflow runs in the context of the base repository rather than the fork, so it receives elevated permissions by default. The workflow can therefore access secrets, write permissions, and other sensitive resources that would be withheld under a standard pull_request trigger.

The operational impact extends beyond simple code injection to full repository compromise and potential supply chain attacks. An unauthorized attacker who submits a malicious pull request can exploit the unsafe interpolation to push arbitrary data to the repository, potentially including malicious code, backdoors, or modified dependencies. When end users deploy serverless-dns, they unknowingly execute the attacker's code, creating a persistent threat vector that could lead to data exfiltration, service disruption, or further compromise of systems running the affected software. The vulnerability affects all versions through 0.1.30; the fix is implemented in commit c5537dd and scheduled for release in version 0.1.31.

Mitigation should focus on immediate remediation through the updated version and on secure coding practices in CI/CD pipelines. Organizations should enforce strict input validation and sanitization for all external inputs, particularly those derived from GitHub context values, and should pass such values to shell steps as data rather than splicing them into command text. The use of pull_request_target should be carefully evaluated and restricted to trusted repositories only, as it inherently carries elevated privilege. Additionally, proper access controls, secret management, and least-privilege principles in GitHub Actions workflows can significantly reduce the attack surface. The vulnerability aligns with ATT&CK technique T1059.001 for command and scripting interpreter and T1505.003 for serverless execution, highlighting the need for comprehensive security controls in modern cloud-native development environments.
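The pattern the analysis describes, shown as an added illustration that is neither the project's real pr.yml nor its fix: a constructed pull_request_target workflow that splices the two context values straight into a run: step, the same step rewritten to receive them as environment variables under a read-only permissions block, and a small scanner that flags the unsafe pattern so a reviewer or CI check can catch it in any workflow file. The workflow contents, step names and the extra context fields listed beyond the two named in the advisory are assumptions of this example.

```python
import re

# Constructed, illustrative workflows. They are NOT the project's pr.yml.
VULNERABLE_WORKFLOW = """\
name: pr
on:
  pull_request_target:
jobs:
  mirror:
    runs-on: ubuntu-latest
    steps:
      - name: Fetch the PR head into this repository
        run: |
          git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.head_ref }}
          git push origin FETCH_HEAD:refs/heads/pr-${{ github.head_ref }}
"""

HARDENED_WORKFLOW = """\
name: pr
on:
  pull_request_target:
permissions:
  contents: read
jobs:
  mirror:
    runs-on: ubuntu-latest
    steps:
      - name: Fetch the PR head into this repository
        env:
          PR_CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
          PR_HEAD_REF: ${{ github.head_ref }}
        run: |
          # Values arrive as environment data; the shell never parses them as code.
          # Reject anything that is not a plain GitHub clone URL or ref name.
          case "$PR_CLONE_URL" in https://github.com/*) ;; *) echo "bad url"; exit 1;; esac
          case "$PR_HEAD_REF" in *[!A-Za-z0-9._/-]*|-*) echo "bad ref"; exit 1;; esac
          git fetch "$PR_CLONE_URL" "$PR_HEAD_REF"
"""

# Context fields a PR author controls. The first two are the ones named in the
# advisory; the rest are further PR-controlled fields added here as assumptions.
UNTRUSTED_CONTEXTS = (
    "github.event.pull_request.head.repo.clone_url",
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")          # ${{ expression }}
RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")      # a `run:` step key


def uses_pull_request_target(workflow_text: str) -> bool:
    """True when the trigger section (everything before `jobs:`) names pull_request_target."""
    trigger_section = workflow_text.split("\njobs:", 1)[0]
    return re.search(r"\bpull_request_target\b", trigger_section) is not None


def iter_run_bodies(workflow_text: str):
    """Yield (line_number, text) for every line that belongs to a run: command."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group(1))
        value = m.group(2).strip()
        if value and value[0] not in "|>":
            yield i + 1, value              # single-line command
            i += 1
            continue
        i += 1                              # block scalar: lines indented deeper than the key
        while i < len(lines) and (
            not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_indent
        ):
            if lines[i].strip():
                yield i + 1, lines[i]
            i += 1


def find_unsafe_interpolation(workflow_text: str) -> list:
    """Report each ${{ }} inside a run: body that references attacker-influenced context."""
    findings = []
    for line_no, text in iter_run_bodies(workflow_text):
        for expr in EXPR_RE.findall(text):
            if any(ctx in expr for ctx in UNTRUSTED_CONTEXTS):
                findings.append({"line": line_no, "expression": expr})
    return findings


def assess(workflow_text: str) -> dict:
    """Combine both signals: unsafe interpolation is high risk when the job is privileged."""
    findings = find_unsafe_interpolation(workflow_text)
    privileged = uses_pull_request_target(workflow_text)
    return {"pull_request_target": privileged, "findings": findings,
            "high_risk": privileged and bool(findings)}


if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        result = assess(wf)
        print(name, "HIGH RISK" if result["high_risk"] else "ok")
        for f in result["findings"]:
            print(f"  line {f['line']}: {f['expression']}")
```

The scanner deliberately ignores expressions under env:, since moving the value into an environment variable is the recommended fix; what it flags is the combination the advisory describes, a privileged trigger plus untrusted context inside command text. The hardened step also validates the two values before git sees them, because an environment variable stops shell injection but not argument-level surprises such as a ref beginning with a dash.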

Responsible

GitHub M

Reservation

09/26/2025

Disclosure

09/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00065

KEV

no

Activities

very low

Sources
