CVE-2025-30066

CVSSv4: NA | CVSSv3: 8.6 | CVSSv2: NA | VMScore: 960 | EPSS: 0.62359 | KEV: Exploitation Reported
Published: 15/03/2025 | Updated: 29/03/2025

Vulnerability Summary

Secrets Disclosure Vulnerability in tj-actions Changed-Files Before Version 46

Versions of the tj-actions changed-files action before 46 let remote attackers discover secrets by reading GitHub Actions logs. On two specific dates in 2025 the version tags v1 through v45.0.7 were compromised: a threat actor repointed them to commit 0e58ed8, which contained malicious updateFeatures code. Any workflow that resolved one of those tags ran the modified code, which potentially let unauthorized individuals view sensitive information through the GitHub Actions logging system.

Vulnerable Product

tj-actions changed-files

GitHub Repositories

Identify all third-party GitHub/GitLab actions used in your Organization without pinned SHA-commits

Scharf: Identify all third-party CI/CD actions used in your organization without pinned SHA commits using Scharf (Sharpen your CI/CD workflows). Scharf is a CLI tool designed to audit GitHub and GitLab repositories within a specified organization for action workflows that use third-party actions without SHA-based references. In other words, the tool flags all actions that are vers...

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

Harden-Runner: Corporate laptops and production servers typically have robust security monitoring in place to reduce risk and meet compliance requirements. However, CI/CD runners, which handle sensitive information like secrets for cloud environments and create production builds, often lack such security measures. This oversight has led to significant supply chain attacks, inclu...

EDAMAME Posture: Free CI/CD CLI. What?: A lightweight, developer-friendly security posture assessment and remediation tool, suited to those who want a straightforward way to secure their development environment and CI/CD pipelines without slowing down development.

Identify all third-party GitHub/GitLab actions used in your Organization without pinned SHA-commits

Sharfer: Identify all third-party CI/CD actions used in your organization without pinned SHA commits using Sharfer (SHA Rectifier for CI/CD workflows). Sharfer is a CLI tool designed to audit GitHub and GitLab repositories within a specified organization for action workflows that use third-party actions without SHA-based references. In other words, Sharfer flags all actions tho...

A GitHub action to detect mutable third-party references used in GitHub repository

scharf-action: A GitHub action to detect mutable third-party references used in a GitHub repository. This action uses the Cybrota Scharf tool to identify actions with mutable tags. See github.com/cybrota/scharf for more details.

Usage:

jobs:
  run-unit-tests:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1
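The check that Scharf, Sharfer and scharf-action describe, written out as an added example (this is not code from this page or from the Cybrota project): parse the `uses:` lines of a workflow and flag every third-party action that is not pinned to a full 40-character commit SHA, since a tag such as v45 resolves to whatever the tag points at when the job runs, which is exactly how the repointed v1 through v45.0.7 tags reached workflows. The workflow text and the 40-hex checkout SHA are constructed placeholders, not real repository content.

```python
import re

# Constructed sample workflow (not a real repository file). One step is pinned
# to a full commit SHA (a made-up placeholder), the others use mutable refs.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v45
      - uses: "tj-actions/changed-files@main"
      - uses: ./.github/actions/local-step
      - name: Lint
        run: echo lint
"""

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")

def parse_uses(workflow_text):
    """Return every `uses:` reference in the workflow, in file order."""
    return [m.group(1) for m in map(USES_LINE.match, workflow_text.splitlines()) if m]

def classify(ref):
    """'local' (./path), 'pinned' (full 40-hex SHA) or 'mutable' (tag, branch,
    short SHA or no ref at all; all resolve to whatever they point at at run time)."""
    if ref.startswith("./"):
        return "local"
    if "@" not in ref:
        return "mutable"
    _, version = ref.rsplit("@", 1)
    return "pinned" if FULL_SHA.match(version) else "mutable"

def find_mutable_refs(workflow_text):
    return [r for r in parse_uses(workflow_text) if classify(r) == "mutable"]

def find_affected_changed_files(workflow_text):
    """Mutable refs to tj-actions/changed-files: these could have resolved to the
    repointed tags (v1 through v45.0.7) described for CVE-2025-30066."""
    return [r for r in find_mutable_refs(workflow_text)
            if r.split("@", 1)[0] == "tj-actions/changed-files"]

if __name__ == "__main__":
    for ref in parse_uses(SAMPLE_WORKFLOW):
        print(f"{classify(ref):8} {ref}")
```

Run it over each .github/workflows/*.yml file in a repository; anything reported as mutable should be re-pinned to the full commit SHA of a reviewed version.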

Recent Articles

Supply chain attack on popular GitHub Action exposes CI/CD secrets
BleepingComputer • Bill Toulas • 17 Mar 2025

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on...

GitHub supply chain attack spills secrets from 23,000 projects
The Register

Large organizations among those cleaning up the mess

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack. StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes in open source projects, noting that more than 23,000 GitHub repositories currently use the automation project's code. The security shop said attackers compromised the project at some unknown point before March 14 (March 12, according to Sysdig) an...

References

CWE-506
NVD-CWE-Other
https://nvd.nist.gov
https://www.theregister.co.uk/2025/03/17/supply_chain_attack_github/
https://github.com/cybrota/scharf
https://www.first.org/epss
https://blog.gitguardian.com/compromised-tj-actions/
https://github.com/chains-project/maven-lockfile/pull/1111
https://github.com/espressif/arduino-esp32/issues/11127
https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193
https://github.com/modal-labs/modal-examples/issues/1100
https://github.com/rackerlabs/genestack/pull/903
https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28
https://github.com/tj-actions/changed-files/issues/2463
https://github.com/tj-actions/changed-files/issues/2464
https://github.com/tj-actions/changed-files/issues/2477
https://news.ycombinator.com/item?id=43367987
https://news.ycombinator.com/item?id=43368870
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/
https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/
https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
https://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respond
https://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attack
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066
https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066