The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.
The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote attacker to access sensitive data via actions logs.
“The tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading actions logs,” CISA said in an alert.
“These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.”
Cloud security company Wiz has since revealed that the attack may have been an instance of a cascading supply chain attack, with unidentified threat actors first compromising the reviewdog/action-setup@v1 GitHub Action to infiltrate tj-actions/changed-files.
“tj-actions/eslint-changed-files uses reviewdog/action-setup@v1, and the tj-actions/changed-files repository runs this tj-actions/eslint-changed-files Action with a Personal Access Token,” Wiz researcher Rami McCarthy said. “The reviewdog Action was compromised during roughly the same time window as the tj-actions PAT compromise.”
It’s currently not clear how this took place. But the compromise is said to have occurred on March 11, 2025. The breach of tj-actions/changed-files happened at some point before March 14.
This means that the infected reviewdog action could be used to insert malicious code into any CI/CD workflows using it, in this case a Base64-encoded payload that’s appended to a file named install.sh used by the workflow.
Like in the case of tj-actions, the payload is designed to expose secrets from repositories running the workflow in logs. The issue impacts only one tag (v1) of reviewdog/action-setup.
The maintainers of tj-actions have disclosed that the attack was the result of a compromised Github Personal Access Token (PAT) that enabled the attackers to modify the repository with unauthorized code.
“We can tell the attacker gained sufficient access to update the v1 tag to the malicious code they had placed on a fork of the repository,” McCarthy said.
“The reviewdog Github Organization has a relatively large contributor base and appears to be actively adding contributors through automated invites. This increases the attack surface for a contributor’s access to have been compromised or contributor access to have been gained maliciously.”
In light of the compromise, affected users and federal agencies are advised to update to the latest version of tj-actions/changed-files (46.0.1) by April 4, 2025, to secure their networks against active threats. But given the root cause, there is a risk of re-occurrence.
Besides replacing the affected actions with safer alternatives, it’s advised to audit past workflows for suspicious activity, rotate any leaked secrets, and pin all GitHub Actions to specific commit hashes instead of version tags.
