CVE-2025-54416 Overview
CVE-2025-54416 is a critical command injection vulnerability in the tj-actions/branch-names GitHub Action, a widely used workflow component that retrieves the current branch or tag name for any GitHub event. In versions 8.2.1 and below, inconsistent input sanitization and unescaped output let an attacker who controls a branch or tag name inject shell commands into downstream workflows that use the action's outputs in run: steps, giving arbitrary command execution inside the CI/CD pipeline.
Critical Impact
An attacker who can create a branch or tag with a crafted name can execute arbitrary commands in any downstream workflow that uses the action's outputs, compromising the CI/CD pipeline, exposing repository secrets and deployment credentials, and opening the door to supply chain attacks on build artifacts.
Affected Products
- tj-actions/branch-names versions 8.2.1 and below
- GitHub Actions workflows consuming tj-actions/branch-names outputs
- CI/CD pipelines using vulnerable versions of the action
Discovery Timeline
- 2025-07-26 - CVE-2025-54416 published to NVD
- 2025-07-29 - Last updated in NVD database
Technical Details for CVE-2025-54416
Vulnerability Analysis
This command injection vulnerability (CWE-77) exists because of a gap between the sanitization the action applies internally and what reaches its outputs. Whatever the action does to the name internally, the values it exposes as step outputs are not escaped for the shell, and consuming workflows typically use them in run: steps through ${{ }} expressions, which the runner expands as plain text before the shell ever parses the script. A crafted name therefore becomes part of the script source rather than data, and the downstream workflow executes it with whatever permissions and secrets that job holds.
The attack surface is broad because branch and tag names are attacker-controlled in open-source repositories: anyone who can open a pull request from a fork chooses the head branch name, and anyone with write access can push a branch or tag. Git forbids spaces and a handful of other characters in ref names, but it allows double quotes, semicolons, backticks, $, parentheses and pipes, so a name can close a quoted string and append commands that run when the consuming workflow interpolates the output.
Root Cause
The root cause is inconsistent input sanitization combined with unescaped output. The action reads the branch or tag name from the GitHub event context and exposes it as step outputs for downstream use. Whatever sanitization the internal processing applies, the final outputs do not neutralize shell-significant characters such as backticks, $() command substitution, semicolons, pipes and double quotes. When a consuming workflow writes such an output straight into a run: step, the runner substitutes the text before the shell parses it, so those characters are interpreted as shell syntax rather than as part of a name.
Attack Vector
The attack vector is network-based and requires only low privileges. An attacker exploits the flaw by:
- Creating a branch or tag whose name carries a shell injection payload (by pushing a branch, or by opening a pull request from a fork with a chosen head branch name)
- Triggering a workflow that runs the vulnerable tj-actions/branch-names action on that event
- The action emits the name as an output without neutralizing shell metacharacters
- A downstream step that interpolates the output into a run: script, or into any other shell context, executes the injected commands
The vulnerability is assessed with changed scope: a successful exploit in one workflow reaches resources beyond the vulnerable component, including repository secrets, deployment credentials, and the build artifacts the job produces.
A payload in the branch name could exfiltrate environment variables and secrets, modify source code or build outputs, establish persistence by editing workflow files, or pivot to connected systems with stolen credentials. Organizations that use this action in deployment pipelines are at heightened risk of supply chain compromise.
Detection Methods for CVE-2025-54416
Indicators of Compromise
- Workflow runs triggered by branches or tags whose names contain shell metacharacters (double quotes, semicolons, backticks, $(), pipes)
- Repository secrets or environment variables appearing in workflow logs or at external endpoints
- Anomalous outbound network connections from GitHub Actions runners
- Unexpected modifications to workflow files or repository contents following branch creation events
Detection Strategies
- Audit GitHub Actions workflows for references to tj-actions/branch-names at versions 8.2.1 or below, including commit-pinned references that predate the fix
- Audit consuming workflows for run: steps that interpolate the action's outputs with ${{ }} instead of reading them from env: variables
- Monitor branch and tag creation for names containing double quotes, backticks, $(), semicolons, or pipe symbols
- Review workflow run logs for commands that do not appear in the workflow file, or for shell errors that indicate a malformed injection attempt
- Use Dependabot alerts, which cover GitHub Actions dependencies, to flag the vulnerable version range, and CodeQL's GitHub Actions queries to flag expressions interpolated into run: steps
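The first two audits above, as an added bash example that is not code from the tj-actions/branch-names project or its advisory. It scans a workflow file for a tj-actions/branch-names reference below 9.0.0 and for any step output expanded with ${{ }} inside a run: script, which is where a crafted name becomes code. The sample workflow it writes to a temporary directory is constructed for the demonstration, and the YAML tracking is a line-based heuristic, not a parser.

```bash
#!/usr/bin/env bash
# Added example: audit workflow files for a vulnerable tj-actions/branch-names
# reference and for step outputs interpolated directly into run: scripts.

# Print "file:line: reason" for each suspicious line in one workflow file.
audit_workflow() {
  local file="$1" n=0 in_run=0 line ref major
  local run_block='^[[:space:]]*(-[[:space:]]+)?run:[[:space:]]*[|>]'  # run: | or run: >
  local run_line='^[[:space:]]*(-[[:space:]]+)?run:'
  local yaml_key='^[[:space:]]*(-[[:space:]]+)?[A-Za-z_-]+:'
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    # Crude YAML tracking: a block-scalar run: lasts until the next "key:" line.
    if [[ $line =~ $run_block ]]; then
      in_run=1
      continue
    elif [[ $line =~ $yaml_key ]]; then
      in_run=0
    fi
    # Condition 1: the action reference itself.
    if [[ $line == *uses:*tj-actions/branch-names@* ]]; then
      ref=${line##*tj-actions/branch-names@}
      ref=${ref%%[[:space:]]*}   # drop a trailing "# comment"
      if [[ $ref =~ ^[0-9a-f]{40}$ ]]; then
        # A commit pin carries no version; it has to be checked against the release.
        echo "$file:$n: pinned to commit $ref; confirm it is at or after the v9.0.0 fix"
      elif [[ $ref =~ ^v?([0-9]+) ]]; then
        major=${BASH_REMATCH[1]}
        (( major >= 9 )) || echo "$file:$n: tj-actions/branch-names@$ref is below 9.0.0"
      else
        echo "$file:$n: unrecognised ref '$ref'; resolve it and confirm it is 9.0.0 or later"
      fi
    fi
    # Condition 2: a step output expanded inside a shell script. The runner
    # substitutes ${{ }} as text before the shell runs, so this is the injection
    # point. Values under env: or with: are not flagged.
    if { (( in_run )) || [[ $line =~ $run_line ]]; } && [[ $line == *'${{'*steps.*.outputs.* ]]; then
      echo "$file:$n: step output interpolated into a run: script; pass it through env: instead"
    fi
  done < "$file"
}

# Run the audit over every workflow file in a checked-out repository.
audit_repo() {
  local f
  for f in "$1"/.github/workflows/*.yml "$1"/.github/workflows/*.yaml; do
    [ -e "$f" ] || continue
    audit_workflow "$f"
  done
}

# Constructed sample workflow that exhibits both findings (lines 9 and 11).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ci.yml" <<'EOF'
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: branch-names
        uses: tj-actions/branch-names@v8.2.1
      - name: Print branch (unsafe)
        run: echo "Building ${{ steps.branch-names.outputs.current_branch }}"
      - name: Print branch (safe)
        env:
          BRANCH: ${{ steps.branch-names.outputs.current_branch }}
        run: |
          echo "Building $BRANCH"
EOF

audit_workflow "$demo_dir/ci.yml"
```

Point audit_repo at a checkout to scan a whole repository; the commit-pin branch of the check deliberately does not guess a version, because a SHA has to be resolved against the release history before it can be cleared.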
Monitoring Recommendations
- Enable GitHub audit logs and monitor for unusual workflow execution patterns
- Configure alerts for new branches or tags with names matching shell injection patterns
- Monitor for workflow runs that access secrets unexpectedly or exhibit anomalous behavior
- Implement workflow run monitoring to detect unusual execution times or resource usage indicative of malicious activity
How to Mitigate CVE-2025-54416
Immediate Actions Required
- Upgrade tj-actions/branch-names to version 9.0.0 or later immediately across all repositories
- Audit all workflow files that consume outputs from tj-actions/branch-names and make sure the values reach shell steps through env: variables rather than ${{ }} interpolation
- Review recent workflow runs for any signs of exploitation, particularly those triggered by unusually named branches
- Rotate any secrets that may have been exposed in workflows using the vulnerable action version
Patch Information
The vulnerability has been addressed in tj-actions/branch-names version 9.0.0. The fix implements proper output escaping and sanitization to prevent command injection through crafted branch or tag names. The security patch is available through the GitHub Release v9.0.0. Technical details of the fix can be reviewed in the associated commit. Additional context and security guidance is available in the GitHub Security Advisory GHSA-gq52-6phf-x2r6.
Workarounds
- After upgrading, pin the action to the full commit SHA of a release at 9.0.0 or later so the reference cannot silently move
- In consuming workflows, treat the outputs as untrusted: pass them to shell steps through env: variables and, where a step only needs a constrained value, validate the name against an allowlist of characters before using it
- Never interpolate the outputs into run: scripts with ${{ }}; GitHub's own script-injection guidance is to set an intermediate environment variable and reference it from the script as a quoted shell variable
- Consider a repository ruleset or pre-receive policy that rejects branch and tag names containing shell metacharacters
# Update the action reference in every workflow file.
# Before (vulnerable):
#   uses: tj-actions/branch-names@v8.2.1
# After (patched release tag):
uses: tj-actions/branch-names@v9.0.0
# Or pin to the fix commit (verify the SHA against the v9.0.0 release before relying on it):
uses: tj-actions/branch-names@e497ceb8ccd43fd9573cf2e375216625bc411d1f
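The mechanism described under Root Cause and Attack Vector, and the env: workaround listed above, side by side as an added bash example that is not code from tj-actions/branch-names or its advisory. The functions model what the runner does with a run: step rather than calling the action: vulnerable_run splices the name into the script text the way a ${{ }} expression is expanded, hardened_run hands the same name to the script through the environment, and validate_branch_name is a constructed consumer-side allowlist check. The branch name is constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the project or advisory): the same branch name reaching
# the shell through the two workflow patterns discussed in the text.

# Constructed payload. git refs cannot contain spaces, so ${IFS} stands in for
# one; the double quotes close the quoted string the consuming script wraps
# around the name, and the trailing echo" keeps the script well-formed.
MALICIOUS_BRANCH='feature";echo${IFS}INJECTED;echo"'

# Models:   run: echo "Building ${{ steps.branch-names.outputs.current_branch }}"
# The runner substitutes the expression as text, then bash parses the result,
# so the quote characters and semicolons in the name are shell syntax.
vulnerable_run() {
  local script="echo \"Building $1\""
  bash -c "$script"
}

# Models:   env:
#             BRANCH: ${{ steps.branch-names.outputs.current_branch }}
#           run: echo "Building $BRANCH"
# The script text is fixed; the name is expanded by bash as data and is never
# re-parsed, so every character of it is printed literally.
hardened_run() {
  BRANCH="$1" bash -c 'echo "Building $BRANCH"'
}

# Consumer-side allowlist (a constructed check, not part of the action): accept
# only the characters a typical branch name needs. Returns non-zero otherwise.
validate_branch_name() {
  local allowed='^[A-Za-z0-9._/-]+$'
  [[ $1 =~ $allowed ]]
}

echo "--- vulnerable: expression interpolated into the script ---"
vulnerable_run "$MALICIOUS_BRANCH"
echo "--- hardened: value passed through env ---"
hardened_run "$MALICIOUS_BRANCH"
echo "--- allowlist check ---"
for name in 'release/1.2.3' "$MALICIOUS_BRANCH"; do
  if validate_branch_name "$name"; then
    echo "accepted: $name"
  else
    echo "rejected: $name"
  fi
done
```

The vulnerable path prints INJECTED as a second command; the hardened path prints the whole name, quotes and all, as one string. The allowlist is stricter than git's own rules on purpose: a deployment step rarely needs anything outside letters, digits, dots, slashes, underscores and hyphens, and rejecting the rest removes the injection surface even before the env: fix is applied.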
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.