PT-2025-50894 · Unknown · Parse Server

Barakharyati · Published 2025-12-12 · Updated 2025-12-12 · CVE-2025-67727

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.0-alpha.2
Description: Parse Server is an open source backend deployable on Node.js infrastructures. A GitHub CI workflow can be triggered in a manner that grants elevated permissions to the GitHub Actions workflow, providing access to GitHub secrets and the write permissions defined within the workflow. The code the workflow then executes may include code originating from a fork, or package lifecycle scripts. The affected area is limited to the repository's CI/CD infrastructure, including public GitHub forks with GitHub Actions enabled.
Recommendations: Update Parse Server to version 8.6.0-alpha.2 or later.
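As an added illustration of the class of control the recommendation points at, here is a GitHub Actions workflow for a Node.js repository written to keep fork-originated code away from secrets and write permissions. This is example configuration, not the Parse Server project's own workflow; the advisory does not reproduce the affected trigger or steps, so the workflow name, trigger, job layout and the use of `actions/checkout` and `actions/setup-node` are assumptions chosen to show the controls.

```yaml
# Added example: a hardened CI workflow for a Node.js project.
# Not the Parse Server project's own workflow; the job layout is assumed.
name: ci

# Run contributor code only under the `pull_request` event. For pull
# requests from forks GitHub issues a read-only GITHUB_TOKEN and withholds
# repository secrets for this event, so whatever the fork's code does during
# the job, it has nothing privileged to reach. The risky counterpart is a
# workflow that checks out and executes the pull request head under an
# event that carries the base repository's token and secrets.
on:
  pull_request:
  push:
    branches: [main]

# Default the token to read-only for every job. Grant additional scopes
# per job only where a specific step needs them.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      # Install without running npm lifecycle scripts (preinstall, postinstall
      # and similar), so a package.json or dependency change in the pull
      # request cannot run arbitrary commands at install time. Any build
      # step that is genuinely needed is invoked explicitly below.
      - run: npm ci --ignore-scripts
      - run: npm run build --if-present
      - run: npm test
```

The two settings that matter for the weakness class described above are the event under which fork code executes and the `permissions` block: with `pull_request` plus `contents: read`, a workflow run for a fork has neither secrets nor write access, and `--ignore-scripts` removes the lifecycle-script path by which a dependency change alone could execute code during installation.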

Exploit

Fix

RCE

Improper Privilege Management

Code Injection

Weakness Enumeration

Related Identifiers

BIT-PARSE-2025-67727
CVE-2025-67727
GHSA-6W8G-MGVV-3FCJ

Affected Products

Parse Server