CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-47775: Bullfrog's DNS over TCP bypasses domain filtering

6.2 CVSS

Description

Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.

Classification

CVE ID: CVE-2025-47775

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.2

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-201: Insertion of Sensitive Information Into Sent Data

Affected Products

Vendor: bullfrogsec

Product: bullfrog

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.83% (scored less or equal to compared to others)

EPSS Date: 2025-06-12 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47775
https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3
https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671
https://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4

Timeline

2025-05-14 16:40:12 UTC
CVE

Bullfrog's DNS over TCP bypasses domain filtering
2025-05-15 18:15:52 UTC
Github Advisory Database (Actions)

[bullfrogsec/bullfrog] Bullfrog's DNS over TCP bypasses domain filtering