Home > Vulnerability Database > CVE-2025-30066

Mend.io Vulnerability Database

CVE-2025-30066

Date: March 14, 2025

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.) According to the release notes in GitHub, the malicious commit (0e58ed8) has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future. The tags up to 45.0.7 were still tagged with the CVE for users' awareness. Please refer to tj-actions GitHub repository for more details.

Severity Score

8.6

Related Resources (28)

Url: https://github.com/chains-project/maven-lockfile/pull/1111

Url: https://github.com/modal-labs/modal-examples/issues/1100

Url: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30066

Url: https://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attack

Url: https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/

Url: https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463

Url: https://news.ycombinator.com/item?id=43367987

Url: https://github.com/rackerlabs/genestack/pull/903

Url: https://github.com/tj-actions/changed-files

Url: https://github.com/tj-actions/changed-files/issues/2477

Url: https://blog.gitguardian.com/compromised-tj-actions/

Url: https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066

Url: https://news.ycombinator.com/item?id=43368870

Url: https://github.com/tj-actions/changed-files/security/advisories/GHSA-mw4p-6x4p-x5m5

Url: https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193

Url: https://github.com/tj-actions/changed-files/releases/tag/v46.0.1

Url: https://blog.gitguardian.com/compromised-tj-actions

Url: https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28

Url: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

Url: https://github.com/tj-actions/changed-files/issues/2463

Url: https://github.com/tj-actions/changed-files/issues/2464

Url: https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066

Url: https://github.com/espressif/arduino-esp32/issues/11127

Url: https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised

Url: https://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respond

Url: https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/

Url: https://www.mend.io/vulnerability-database/CVE-2025-30066

Severity Score

8.6

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30066

Date: March 14, 2025

Severity Score

Related Resources (28)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?