High severity · CISA KEV · NVD Advisory · Published Mar 15, 2025 · Updated Feb 26, 2026
CVE-2025-30066
Description
tj-actions/changed-files before 46 allows remote attackers to discover secrets by reading Actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because a threat actor modified them to point at commit 0e58ed8, which contained malicious updateFeatures code; any workflow that resolved one of those tags during that window ran the attacker's code with the job's secrets in scope.
Affected packages
Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| tj-actions/changed-files | GitHub Actions | < 46.0.1 | 46.0.1 |
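The description above gives the compromise mechanism (release tags moved to commit 0e58ed8, secrets exposed in job logs) and the table gives the affected range (< 46.0.1). The scanner below is an example added to this page; it is not code from tj-actions, GitHub, or any vendor in the references. It walks a repository's workflow files, extracts every `uses: tj-actions/changed-files@<ref>` and classifies the ref against only the facts on this page: a ref beginning with the advisory's abbreviated commit `0e58ed8` is the malicious commit, a version tag below 46.0.1 is in the affected range, and any tag or branch is a mutable reference that should be replaced by a full commit SHA. The sample workflow and every ref in it are constructed for the example.

```python
"""Scan GitHub Actions workflow files for references to tj-actions/changed-files
that are exposed to CVE-2025-30066.

Example added to this advisory page; not code from tj-actions or GitHub.
Facts used: tags v1..v45.0.7 were retagged to commit 0e58ed8 on 2025-03-14/15,
and 46.0.1 is the patched release.
"""
import re
from dataclasses import dataclass
from pathlib import Path

ACTION = "tj-actions/changed-files"
MALICIOUS_COMMIT_PREFIX = "0e58ed8"   # abbreviated SHA as given in the advisory
PATCHED = (46, 0, 1)

# Matches `uses: tj-actions/changed-files@<ref>` with optional quotes and comment.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*['"]?""" + re.escape(ACTION) + r"""@([^\s'"#]+)""",
    re.MULTILINE,
)
HEX_RE = re.compile(r"^[0-9a-f]{7,40}$")
VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


@dataclass
class Finding:
    ref: str
    status: str
    advice: str


def parse_version(ref):
    """'v45.0.7' -> (45, 0, 7); 'v45' -> (45, 0, 0); None if not a version tag."""
    m = VERSION_RE.match(ref)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(ref):
    """Classify one @ref on tj-actions/changed-files."""
    if ref.startswith(MALICIOUS_COMMIT_PREFIX):
        return Finding(ref, "malicious-commit",
                       "references the attacker's commit; treat every secret the "
                       "job could read as exposed and rotate it")
    if HEX_RE.match(ref):
        return Finding(ref, "pinned-sha",
                       "immutable pin; confirm the SHA belongs to release 46.0.1 or later")
    ver = parse_version(ref)
    if ver is None:
        return Finding(ref, "mutable-branch",
                       "branch or unknown ref; pin to a full 40-character commit SHA")
    if ver < PATCHED:
        return Finding(ref, "affected-tag",
                       "version below the patched 46.0.1; the v1..v45.0.7 tags were "
                       "retagged to 0e58ed8 on 2025-03-14/15, so audit logs from those "
                       "days and rotate secrets")
    return Finding(ref, "mutable-tag",
                   "tag is 46.0.1 or later, but tags can be moved again; pin to a full commit SHA")


def scan_workflow(text):
    """Return one Finding per tj-actions/changed-files reference in a workflow."""
    return [classify(m.group(1)) for m in USES_RE.finditer(text)]


def scan_repo(root):
    """Scan every workflow file under <root>/.github/workflows; returns {path: findings}."""
    results = {}
    for path in Path(root, ".github", "workflows").glob("*.y*ml"):
        findings = scan_workflow(path.read_text())
        if findings:
            results[str(path)] = findings
    return results


# Constructed sample workflow (not from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  files:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45          # mutable tag, retagged during the attack
      - uses: "tj-actions/changed-files@0e58ed8"    # the malicious commit itself
      - uses: tj-actions/changed-files@v46.0.1      # patched release, but still a tag
      - uses: tj-actions/changed-files@main         # branch, never pin to this
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"{f.status:17} @{f.ref:<10} {f.advice}")
```

Run `scan_repo(".")` from a checkout to get findings per workflow file. A `pinned-sha` result is not automatically safe: a full SHA is immutable, but you still have to confirm it resolves to 46.0.1 or later, and any job that resolved an affected tag on 2025-03-14 or 2025-03-15 needs its logs reviewed and its secrets rotated regardless of what the workflow pins today.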
Affected products
- tj-actions/changed-files, v5, range: 1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-mrrh-fwg8-r2c3 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-30066 (GHSA, advisory)
- blog.gitguardian.com/compromised-tj-actions (GHSA, MITRE)
- github.com/chains-project/maven-lockfile/pull/1111 (GHSA)
- github.com/espressif/arduino-esp32/issues/11127 (GHSA)
- github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md (GHSA)
- github.com/modal-labs/modal-examples/issues/1100 (GHSA)
- github.com/rackerlabs/genestack/pull/903 (GHSA)
- github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md (GHSA)
- github.com/tj-actions/changed-files/issues/2463 (GHSA)
- github.com/tj-actions/changed-files/issues/2464 (GHSA)
- github.com/tj-actions/changed-files/issues/2477 (GHSA)
- github.com/tj-actions/changed-files/releases/tag/v46.0.1 (GHSA)
- github.com/tj-actions/changed-files/security/advisories/GHSA-mw4p-6x4p-x5m5 (GHSA)
- news.ycombinator.com/item (GHSA)
- news.ycombinator.com/item (GHSA)
- semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised (GHSA, MITRE)
- sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 (GHSA, MITRE)
- web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463 (GHSA)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (GHSA)
- www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066 (GHSA)
- www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised (GHSA)
- www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respond (GHSA)
- www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attack (GHSA)
- www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 (GHSA)
News mentions
No linked articles in our index yet.