CVE-2025-30066
Published Mar 15, 2025
Last updated 20 days ago
AI description
CVE-2025-30066 is a vulnerability affecting tj-actions/changed-files. It allows remote attackers to discover secrets by reading GitHub Actions logs. Versions up to 45.0.7 are affected. The vulnerability arose because a threat actor modified tags in versions v1 through v45.0.7 to point to a compromised commit (0e58ed8). This commit contained malicious code that enabled unauthorized access to sensitive information within the Actions logs.
- Description: tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 8.6
- Impact score: 4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
- Exploit added on: Mar 18, 2025
- Exploit action due: Apr 8, 2025
- Required action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org: CWE-506
- nvd@nist.gov: NVD-CWE-Other
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Actively exploited CVE : CVE-2025-30066
@transilienceai
4 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
3 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
2 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Recently, attackers compromised the popular GitHub Action tj-actions/changed-files, used in over 23,000 repositories. This high-impact breach (CVE-2025-30066) exposed countless projects to risk. While GitHub rolled back to a safe version, affected users must act fast. Learn http
@kaspersky
2 Apr 2025
152 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Exploited GitHub Action Exposes Secrets (CVE-2025-30066) https://t.co/8fBQu7tjMu A vulnerability in tj-actions/changed-files #GitHub Action has compromised sensitive data, including AWS keys and GitHub tokens. Attackers injected malicious code into affected versions.
@Huntio
31 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
31 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
31 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attention! Critical vulnerability discovered in the GitHub Action tj-actions/changed-files (CVE-2025-30066) https://t.co/spF65lFzaz https://t.co/Ox1RkaHnf4
@Hit_Ro
30 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
30 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
29 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
28 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
27 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Recently attackers compromised the popular GitHub Action tj-actions/changed-files, used in over 23,000 repositories. This high-impact breach (CVE-2025-30066) exposed countless projects to risk. While GitHub rolled back to a safe version, affected users must act fast. Learn more:
@kaspersky
27 Mar 2025
1352 Impressions
3 Retweets
14 Likes
0 Bookmarks
0 Replies
1 Quote
Coinbase dodged a bullet but 218 repos weren’t so lucky. A GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects. 🔍 CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6 🎯 Targets: DockerHub, npm, AWS creds 🕵️♂️ Tactics: Fork PRs, dangling ht
@achi_tech
26 Mar 2025
42 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
26 Mar 2025
15 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
On March 14, attackers compromised the popular GitHub Action tj-actions/changed-files, used in over 23,000 repositories. This high-impact breach (CVE-2025-30066) exposed countless projects to risk. While GitHub rolled back to a safe version, affected users must act fast. Learn h
@kaspersky
24 Mar 2025
1322 Impressions
0 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
A supply chain attack initially aimed at Coinbase has expanded to compromise 218 GitHub repositories, exposing CI/CD secrets. Vulnerabilities CVE-2025-30066 and CVE-2025-30154 are linked. 🚨 #Coinbase #GitHub #USA link: https://t.co/KNPAdaAiGh https://t.co/saeN1qmaZT
@TweetThreatNews
23 Mar 2025
120 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
1 Quote
🚨 Coinbase dodged a bullet—but 218 repos weren’t so lucky. A GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects. 🔍 CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6 🎯 Targets: DockerHub, npm, AWS creds 🕵️♂️ Tactics: Fork PRs, dangling
@TheHackersNews
23 Mar 2025
31569 Impressions
100 Retweets
265 Likes
94 Bookmarks
5 Replies
7 Quotes
CVE-2025-30066 Secrets Disclosure Vulnerability in tj-actions Changed-Files Before Version 46 https://t.co/fv4WgBNNWM
@VulmonFeeds
22 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
22 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub Actions Supply Chain Attack (tj-actions & reviewdog) update: Team AXON dropped tools to detect secrets leaked via CVE-2025-30066 & CVE-2025-30154: - Secret Scanner - Log Fetcher (Linux/Win) Protect your repos https://t.co/xvmFwGHzH7 https://t.co/kKQEEBRx7b
@secharvesterx
22 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 GitHub Actions Exploit CVE-2025-30066 compromised thousands of repositories, exposing CI/CD secrets & enabling unauthorized access. How can you prevent such attacks? Our latest blog breaks it down + how OpsMx can help prevent such issues. Link 👉 https://t.co/pYVOM69OCq
@ops_mx
21 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️Update on the GitHub Actions Supply Chain Attack Hunters' Team AXON has released a tool designed to help security teams identify secrets compromised by CVE-2025-30066 & CVE-2025-30154 Whether you're responding to the incident or verifying your repos, this tool is for you
@0x_prostem
21 Mar 2025
35 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
GitHub Actions Supply Chain Attack (tj-actions & reviewdog) update: Team AXON dropped tools to detect secrets leaked via CVE-2025-30066 & CVE-2025-30154: 🔍 Secret Scanner 📦 Log Fetcher (Linux/Win) Protect your repos now: https://t.co/MJVP4YcsbD https://t.co/7ULwbITVZ
@team__axon
21 Mar 2025
312 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30066
@transilienceai
21 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ DevOps Under Attack: GitHub Action Compromised On March 14, attackers compromised the popular GitHub Action tj-actions/changed-files, used in over 23,000 repositories. The malicious version exposed sensitive secrets and was assigned CVE-2025-30066. Although GitHub rolled it ht
@KasperskyKSA
21 Mar 2025
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Detection and mitigation of the "tj-actions/changed-files" supply chain attack (CVE-2025-30066) | Hatena Bookmark, new in Technology https://t.co/mqSdK5jMiJ
@mohritaroh
20 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 GitHub Actions are under attack! A supply chain attack hit tj-actions/changed-files, leaking AWS keys, GitHub PATs & more. CISA confirms active exploitation. 🔹 CVE-2025-30066 (CVSS 8.6) 🔹 Attack spread via another compromised Action 🔹 Sensitive secrets exposed via log
@achi_tech
20 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code. https://t.co/G5Jao9zell https://t.co/vt4p1TWU61
@riskigy
20 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-30066 #tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability https://t.co/7Iwb25lW8u
@ScyScan
20 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tj-actions:changed-files:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23B2BE4B-AC69-4088-9ABD-ACDB46ABAA9A",
            "versionEndIncluding": "45.0.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]