PT-2025-39662 · Sonarsource · Sonarqube

Published: 2025-09-26 · Updated: 2025-10-08 · CVE-2025-59844

CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: SonarQube versions prior to 6.0.0

Description: A command injection issue exists in the SonarQube GitHub Action when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This bypasses a previous security fix and allows arbitrary command execution, potentially leading to exposure of sensitive environment variables and compromise of the runner environment.

Recommendations: Upgrade to version 6.0.0 or later.

Weakness Enumeration: OS Command Injection

Related Identifiers:
CVE-2025-59844
GHSA-5XQ9-5G24-4G6F

Affected Products: Sonarqube