CVE-2025-58178 | SonarSource sonarqube-scan-action up to 5.3.0 Scan GitHub Action command injection (GHSA-f79p-9c5r-xg88)

SecurityVulns

A vulnerability classified as critical was found in SonarSource sonarqube-scan-action up to 5.3.0. The affected element is an unknown function of the component Scan GitHub Action Handler. Manipulating it leads to command injection.

This vulnerability is uniquely identified as CVE-2025-58178. The attack requires local access. No exploit exists.

You should upgrade the affected component.