A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time.

In that second, an attacker could take a series of steps that would allow them to execute code within a GitHub Actions workflow in most repositories using CodeQL, GitHub’s code analysis engine trusted by hundreds of thousands of repositories. The impact would reach both public GitHub (GitHub Cloud) and GitHub Enterprise.

If backdooring GitHub Actions sounds familiar, that’s because it’s exactly what threat actors did in the recent tj-actions/changed-files supply chain attack. Imagine that very same supply chain attack, but instead of backdooring actions in tj-actions, they backdoored actions in GitHub CodeQL.

An attacker could use this to:

1. Compromise intellectual property by exfiltrating the source code of private repositories using CodeQL.
2. Steal credentials within GitHub Actions secrets of workflow jobs using CodeQL and leverage those secrets to execute further supply chain attacks.
3. Execute code on internal infrastructure running CodeQL workflows.
4. Compromise GitHub Actions secrets of workflows using the GitHub Actions Cache within a repo that uses CodeQL.

This is the story of how we uncovered an exposed secret leading to a race condition, a potential supply chain attack, and CVE-2025-24362.

Click to read the full blog that I wrote for Praetorian.