- Description
- Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Because the artifact can be downloaded before the workflow ends, there are a few seconds during which an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
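A pre-upload check for the leak described above, as an added example (not the Adept project's code or its fix): it scans a zip artifact for `.git/config` entries that carry credentials. The two credential forms matched (an `extraheader` authorization line and userinfo in a remote `url`), the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Credential-bearing lines in a git config (assumed forms, see lead-in).
EXTRAHEADER = re.compile(r"^\s*extraheader\s*=\s*authorization:", re.IGNORECASE)
URL_USERINFO = re.compile(r"^\s*url\s*=\s*https?://[^/\s@]+@", re.IGNORECASE)


def is_git_config(name: str) -> bool:
    """True for '.git/config' at any depth, with either path separator."""
    parts = name.replace("\\", "/").split("/")
    return len(parts) >= 2 and parts[-2:] == [".git", "config"]


def find_leaks(archive) -> list[tuple[str, int, str]]:
    """Return (entry, line number, kind) per finding; secret values are never returned."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir() or not is_git_config(info.filename):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), start=1):
                if EXTRAHEADER.match(line):
                    findings.append((info.filename, lineno, "extraheader"))
                elif URL_USERINFO.match(line):
                    findings.append((info.filename, lineno, "url-userinfo"))
    return findings


def build_sample_artifact() -> io.BytesIO:
    """Constructed sample: zip of a checkout directory with a placeholder token."""
    config = (
        "[core]\n\trepositoryformatversion = 0\n"
        '[remote "origin"]\n\turl = https://github.com/example/repo\n'
        '[http "https://github.com/"]\n'
        "\textraheader = AUTHORIZATION: basic PLACEHOLDER_NOT_A_TOKEN\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bin/adept", b"constructed-binary-stand-in")
        zf.writestr(".git/config", config)
    return buf


if __name__ == "__main__":
    for entry, lineno, kind in find_leaks(build_sample_artifact()):
        print(f"{entry}:{lineno}: {kind} credential present, do not upload")
```

Run as a workflow step against the archive before the upload step and fail the job when the returned list is non-empty.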
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
CVE-2025-32958 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses act..https://t.co/XJ7dKJQGyJ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
26 Apr 2025
CVE-2025-32958 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses act..https://t.co/XJ7dKJReoh #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
25 Apr 2025
🚨 CVE-2025-32958 ⚠️🔴 CRITICAL (9.8) 🏢 AdeptLanguage - Adept 🏗️ < a1a41b7 🔗 https://t.co/Ujc29p1HlV 🔗 https://t.co/jT5ACRNCHB #CyberCron #VulnAlert #InfoSec https://t.co/ojfSzeeAy8
@cybercronai
22 Apr 2025
[CVE-2025-32958: CRITICAL] Adept language had a security vulnerability allowing token extraction prior to workflow end. Vulnerability patched in commit a1a41b7, protecting the repository from attacks.#cve,CVE-2025-32958,#cybersecurity https://t.co/I9PJqQPEN8 https://t.co/fv5No8E5
@CveFindCom
22 Apr 2025
CVE-2025-32958 Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-stan… https://t.co/7V3RJKlHcB
@CVEnew
21 Apr 2025