CVE-2025-32955 - Harden-Runner `disable-sudo` Policy Bypass via Docker Group on GitHub Actions

Harden-Runner is a security agent designed to protect your Continuous Integration and Deployment (CI/CD) workflows in GitHub Actions. It works much like an endpoint security (EDR) tool, monitoring and enforcing policies on self-hosted GitHub Actions runners. Among its features is the disable-sudo policy, which stops the runner user from running commands as root using sudo.

However, versions .12. to before 2.12. were vulnerable due to a critical oversight, tracked as CVE-2025-32955. Let's break down how this bug worked, why it was dangerous, and how you should protect your pipelines.

Understanding Harden-Runner and disable-sudo

When you enable the disable-sudo policy, Harden-Runner removes the runner user from the sudoers file. The expectation is that even if a malicious actor manages to run code in a job, they cannot escalate privileges on the runner using sudo.

Snipppet of the intended protection

policies:
  disable-sudo: true

Actual enforcement

# As run by Harden-Runner
sed -i '/runner/d' /etc/sudoers

The Docker Group: A Privilege Timebomb

Here's the issue: on most GitHub Actions setups, the runner user is also part of the docker group. This means any process running as runner can communicate directly with the Docker daemon—effectively unrestricted root access.

Why?
Using the Docker group is equivalent to root access because you can mount the entire host filesystem, run privileged containers, and essentially control the server.

Exploit Details: Bypassing disable-sudo Policy

Even after being removed from sudoers, a malicious workflow can regain root access by spinning up a privileged Docker container or by directly modifying the host, for example restoring the sudoers file.

run: |

docker run --rm -v /:/mnt ubuntu chroot /mnt bash -c "echo 'runner ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers"

`

This mounts the host's root filesystem into a container, modifies /etc/sudoers, and thus the next command run by runner will have sudo restored.

`

End Result: Any attacker controlling GitHub Actions workflow scripts can bypass the disable-sudo policy and perform actions as root on the host.

Patch and Mitigation

The Harden-Runner team patched this in version 2.12. by correctly accounting for the Docker group issue and applying defense-in-depth mitigations. You *must* upgrade to 2.12. or later.

Upgrade Recommendation

# Check your version
harden-runner --version

# Upgrade to latest
pip install --upgrade harden-runner

To further secure your actions runners

- Review group memberships: Remove the runner user from the docker group unless truly necessary.

References

- GitHub Advisory: GHSA-XXXX-XXXX-XXXX (example)
- Release Notes: Harden-Runner Releases
- Docker Group as Root: "Why being in the docker group is equivalent to root"
- Official CVE Record: CVE-2025-32955 (Coming Soon)

Conclusion

If you use Harden-Runner to lock down your CI/CD pipelines on GitHub Actions, you may have been exposed to a privilege escalation bug if you rely on disable-sudo alone. Because the runner user could interact with Docker, attackers could easily bypass this restriction and regain root control. Harden-Runner version 2.12. and later close this loophole—update now to stay secure!

Stay safe, and always audit your automation environments for hidden privilege escalation paths!


*This post was written exclusively for raising awareness about CI/CD runner security in plain language. Links and code are current as of June 2024.*

Timeline

Published on: 04/21/2025 21:15:20 UTC
Last modified on: 04/23/2025 14:08:13 UTC