CVE-2025-30066
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
CISA KEV: listed
CVSS base score: 8.6 (High)
Published:
Last updated:
Source: cve@mitre.org
Status: Analyzed
Weakness (CWE)
CVSS Vector (v3.1)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: None
- Availability: None
Description
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
References
https://blog.gitguardian.com/compromised-tj-actions/
https://github.com/rackerlabs/genestack/pull/903
https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28
https://news.ycombinator.com/item?id=43367987
https://news.ycombinator.com/item?id=43368870
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/
https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/
https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066
https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30066