Platform: nodejs
Component: node.js
Fixed in: 8.6.1, 8.5.1
CVE-2025-67727 is a critical remote code execution (RCE) vulnerability affecting Parse Server versions up to 8.5.0. A misconfigured GitHub CI workflow allows the workflow to run with elevated permissions, granting it access to sensitive GitHub secrets and write capabilities. The vulnerability primarily affects repositories that use GitHub Actions and poses a significant risk to data and system integrity.
The core of this vulnerability lies in the way Parse Server's CI workflow is triggered. Prior to version 8.6.0-alpha.2, the workflow executes with elevated privileges, effectively granting it access to GitHub secrets, including API keys, passwords, and other sensitive information. An attacker could exploit this to inject malicious code into the CI/CD pipeline, potentially gaining control over the entire repository. This includes the ability to modify code, steal credentials, and compromise the integrity of the application. The blast radius extends to any public GitHub fork that uses the affected Parse Server version together with GitHub Actions, since the attacker could inject malicious code into the fork's CI/CD process as well.
CVE-2025-67727 was publicly disclosed on December 12, 2025. While no public exploits have been reported as of this writing, the vulnerability's critical severity and the ease of exploitation via GitHub Actions suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its potential impact warrants close monitoring. The vulnerability's reliance on GitHub Actions makes it particularly relevant to organizations heavily utilizing this CI/CD platform.
Exploit Status
EPSS: 0.07% (21st percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-67727 is to immediately upgrade Parse Server to version 8.6.0-alpha.2 or later. This version includes a fix that restricts the CI workflow's permissions, preventing unauthorized access to secrets. If an immediate upgrade is not feasible, consider temporarily disabling the affected CI/CD workflows within the GitHub repository. Review and audit all GitHub Actions workflows to ensure proper permission configurations and restrict access to sensitive secrets. Implement stricter access controls for GitHub repositories to limit the potential impact of a successful exploit.
Update Parse Server to version 8.6.0-alpha.2 or later. This corrects the remote code execution (RCE) vulnerability caused by improper privilege management in the GitHub CI workflow. The update mitigates the risk of unauthorized access to GitHub secrets and write permissions.
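The mitigation above asks operators to review every GitHub Actions workflow for over-broad permission configurations. The following Python example is added here to show what such an audit checks; it is not Parse Server's code and is not derived from the project's actual workflow files. It assumes the workflow YAML has already been loaded with a parser such as PyYAML into a dict (the loading step is left out so the code runs offline), and the two sample workflows are constructed. It generalises beyond this one CVE: it flags any workflow whose GITHUB_TOKEN has write scopes, any workflow with no explicit `permissions` block (which inherits the repository default), and any fork-reachable trigger (`pull_request_target`, `workflow_run`, `issue_comment`, which run in the base repository's context with its secrets) that is combined with write access.

```python
"""Audit parsed GitHub Actions workflows for over-broad token permissions.

Added example for the mitigation step above, not Parse Server's own code.
Each workflow is the dict that yaml.safe_load() would return for one
.github/workflows/*.yml file; YAML parsing itself is assumed and omitted.
"""

# Events that an outside contributor can raise but that GitHub runs in the
# base repository's context, with access to its secrets (assumption based on
# GitHub's documented semantics, not on this advisory).
FORK_EXPOSED_TRIGGERS = {"pull_request_target", "workflow_run", "issue_comment"}


def _triggers(workflow):
    """Return the set of event names the workflow listens on.

    YAML 1.1 parsers (PyYAML included) read the bare key `on:` as the
    boolean True, so both spellings of the key are accepted.
    """
    on = workflow.get("on", workflow.get(True))
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    if isinstance(on, dict):
        return set(on.keys())
    return set()


def _write_scopes(permissions):
    """Return the scopes that grant write access.

    `permissions` may be absent (None), the shorthand "read-all" /
    "write-all", or a mapping of scope -> "read" | "write" | "none".
    """
    if permissions == "write-all":
        return {"write-all"}
    if isinstance(permissions, dict):
        return {scope for scope, level in permissions.items() if level == "write"}
    return set()


def audit_workflow(name, workflow):
    """Return a list of human-readable findings for one parsed workflow."""
    findings = []
    top_perms = workflow.get("permissions")
    if top_perms is None:
        findings.append(f"{name}: no top-level 'permissions' block; the GITHUB_TOKEN "
                        "inherits the repository default, which may be read-write")
    top_write = _write_scopes(top_perms)
    if top_write:
        findings.append(f"{name}: top-level write permissions {sorted(top_write)}")
    jobs = workflow.get("jobs") or {}
    job_write = False
    for job_name, job in jobs.items():
        scopes = _write_scopes(job.get("permissions"))
        if scopes:
            job_write = True
            findings.append(f"{name}: job '{job_name}' grants write permissions {sorted(scopes)}")
    risky = _triggers(workflow) & FORK_EXPOSED_TRIGGERS
    if risky and (top_write or job_write or top_perms is None):
        findings.append(f"{name}: fork-exposed trigger(s) {sorted(risky)} run with repository "
                        "secrets and write access; restrict the token to read-only scopes")
    return findings


# Constructed sample workflows (not Parse Server's real CI configuration).
WEAK_WORKFLOW = {
    "name": "ci",
    True: {"pull_request_target": {"types": ["opened", "synchronize"]}},  # `on:` as PyYAML sees it
    "permissions": "write-all",
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [{"run": "npm test"}]}},
}

HARDENED_WORKFLOW = {
    "name": "ci",
    "on": ["pull_request", "push"],
    "permissions": {"contents": "read"},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [{"run": "npm test"}]}},
}


def run_samples():
    """Audit both constructed samples; returns {name: findings}."""
    return {
        "weak": audit_workflow("weak.yml", WEAK_WORKFLOW),
        "hardened": audit_workflow("hardened.yml", HARDENED_WORKFLOW),
    }


if __name__ == "__main__":
    for label, findings in run_samples().items():
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The weak sample produces two findings (a write-all token, and a fork-exposed trigger running with that token); the hardened sample produces none. In practice the audit is run over every file under `.github/workflows/`, and a job that legitimately needs write access (a release job, for example) is expected to appear in the output so that a reviewer can confirm it is not reachable from a fork-triggered event.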
CVE-2025-67727 is a critical vulnerability in Parse Server versions up to 8.5.0 that allows unauthorized access to GitHub secrets via a flawed CI workflow, potentially leading to remote code execution.
If you are using Parse Server version 8.5.0 or earlier and have enabled GitHub Actions for your CI/CD pipeline, you are likely affected by this vulnerability.
Upgrade Parse Server to version 8.6.0-alpha.2 or later to remediate the vulnerability. Consider disabling affected CI/CD workflows as a temporary workaround.
While no public exploits have been reported, the vulnerability's critical severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official Parse Server security advisory for detailed information and updates: [https://github.com/parse/parse-server/security/advisories/GHSA-xxxx-xxxx-xxxx](https://github.com/parse/parse-server/security/advisories/GHSA-xxxx-xxxx-xxxx) (placeholder link; the actual GHSA identifier is not given on this page).