CVE-2025-30154

Published Mar 19, 2025

Last updated 19 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-30154 tracks the compromise of the reviewdog/action-setup GitHub Action. The action's v1 tag was compromised on March 11, 2025, between 18:42 and 20:31 UTC; during that window the action carried malicious code that dumped the secrets exposed to a workflow run into the GitHub Actions workflow logs. Because other Reviewdog actions invoke action-setup@v1 internally, they were compromised as well during the window, regardless of which version of them a workflow used or how that version was pinned: reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

Description
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1`, and that would therefore also be compromised regardless of their own version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
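The operational point in the description is that pinning does not protect a workflow that reaches reviewdog/action-setup@v1 through one of the wrapper actions, and that any run inside the stated window must be treated as having leaked its secrets. The Python script below is added here as a worked example; it is not code from this page, from Intruder or from the reviewdog project. It audits workflow YAML for the six actions the advisory names, classifies each reference as a mutable tag/branch or a full-SHA pin, flags the wrappers as affected regardless of pin, and checks whether a run's start timestamp falls inside the compromise window. The sample workflow and the 40-character SHA in it are constructed for the example, and the `uses:` matching is a regex over the YAML text rather than a full YAML parser.

```python
import re
from datetime import datetime, timezone

# Actions named in the CVE-2025-30154 advisory: action-setup itself, plus the
# reviewdog wrapper actions that call reviewdog/action-setup@v1 internally.
COMPROMISED_DIRECT = "reviewdog/action-setup"
COMPROMISED_TRANSITIVE = {
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
}

# Compromise window from the advisory: 2025-03-11 18:42 to 20:31 UTC.
WINDOW_START = datetime(2025, 3, 11, 18, 42, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 3, 11, 20, 31, tzinfo=timezone.utc)

# Matches `uses: owner/repo@ref` and `- uses: owner/repo@ref`, quoted or not.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)', re.MULTILINE)
FULL_SHA_RE = re.compile(r'^[0-9a-fA-F]{40}$')


def parse_uses(ref):
    """Split 'owner/repo[/subdir]@version' into ('owner/repo', 'version').

    Returns None for local actions ('./...'), Docker images ('docker://...')
    and references without an '@' (nothing to classify as a pin)."""
    if ref.startswith("./") or ref.startswith("docker://") or "@" not in ref:
        return None
    target, _, version = ref.rpartition("@")
    parts = target.split("/")
    if len(parts) < 2:
        return None
    return "/".join(parts[:2]), version


def audit_workflow(yaml_text):
    """Return one finding per `uses:` line that references an affected action."""
    findings = []
    for match in USES_RE.finditer(yaml_text):
        parsed = parse_uses(match.group(1))
        if parsed is None:
            continue
        repo, version = parsed
        sha_pinned = bool(FULL_SHA_RE.match(version))
        if repo == COMPROMISED_DIRECT:
            verdict = ("pinned to a commit; confirm it is not one pushed during the window"
                       if sha_pinned else
                       "mutable ref; @v1 resolved to the malicious code during the window")
            findings.append({"action": repo, "ref": version, "sha_pinned": sha_pinned,
                             "transitive": False, "verdict": verdict})
        elif repo in COMPROMISED_TRANSITIVE:
            # The wrapper itself calls reviewdog/action-setup@v1, so a SHA pin on the
            # wrapper does not protect the run: the advisory's "regardless of pinning" case.
            findings.append({"action": repo, "ref": version, "sha_pinned": sha_pinned,
                             "transitive": True,
                             "verdict": "affected regardless of pin; uses action-setup@v1 internally"})
    return findings


def run_in_window(started_at):
    """True if an ISO-8601 UTC timestamp such as '2025-03-11T19:05:12Z' is in the window."""
    ts = datetime.fromisoformat(started_at.replace("Z", "+00:00"))
    return WINDOW_START <= ts <= WINDOW_END


# Constructed sample workflow (not from any real repository) covering each case.
SAMPLE_WORKFLOW = """\
name: lint
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: install reviewdog
        uses: reviewdog/action-setup@v1
      - uses: reviewdog/action-shellcheck@6e0e63d1cf1d9d7e2d8ef0a5f7f4a1c8e9f3b2a1  # constructed SHA
      - uses: reviewdog/action-staticcheck@v1
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f['action']}@{f['ref']}: {f['verdict']}")
    print("run started 19:05Z inside window:", run_in_window("2025-03-11T19:05:12Z"))
```

Run it against each file under `.github/workflows/` and treat any finding, SHA-pinned or not, as a reason to pull the logs of runs that started inside the window and rotate whatever secrets those jobs could see. The script is a triage aid only: it does not look inside third-party composite actions, so a wrapper not on the advisory's list that also calls action-setup@v1 would not be reported.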
Source
security-advisories@github.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.6
Impact score
4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
Exploit added on
Mar 24, 2025
Exploit action due
Apr 14, 2025
Required action
Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security-advisories@github.com
CWE-506
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. #snaphack📢📢📢📢 #buyingcontent #monkeyappgirls🔗 🔗 #crypto #snapchatleak   #bitcoin฿#easymoney🌐 #purchasesnaphack🛎️🛎️ #Everyone #recovery CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6 🎯 Targets: DockerHub, npm, AWS creds 🕵️‍♂️ Tactics: Fork PRs, dangling commits,‼‼‼ https:/

    @Resolution_HQ

    16 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. We added GitHub Actions vulnerability CVE-2025-30154, affecting reviewdog actions that use reviewdog/action-setup@v1, to our Known Exploited Vulnerabilities Catalog. #CyberSecurity https://t.co/fcLYXa1ZJA

    @Space_Support_

    10 Apr 2025

    69 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    3 Replies

    0 Quotes

  20. Coinbase dodged a bullet but 218 repos weren’t so lucky. A GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects. 🔍 CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6 🎯 Targets: DockerHub, npm, AWS creds 🕵️‍♂️ Tactics: Fork PRs, dangling ht

    @achi_tech

    26 Mar 2025

    42 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  21. 🚨 CVE Alert: reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-30154 (CVSS 8.6/10) reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability Impact: A successful exploit allows ht

    @CyberxtronTech

    25 Mar 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-30154 Added https://t.co/MuKi9VZcSJ

    @sysreq_syn

    25 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-30154 #reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability https://t.co/V2x9TWfFar

    @ScyScan

    24 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ We added GitHub Actions vulnerability CVE-2025-30154, affecting reviewdog actions that use reviewdog/action-setup@v1, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity ht

    @CISACyber

    24 Mar 2025

    6244 Impressions

    30 Retweets

    44 Likes

    12 Bookmarks

    1 Reply

    2 Quotes

  27. A supply chain attack initially aimed at Coinbase has expanded to compromise 218 GitHub repositories, exposing CI/CD secrets. Vulnerabilities CVE-2025-30066 and CVE-2025-30154 are linked. 🚨 #Coinbase #GitHub #USA link: https://t.co/KNPAdaAiGh https://t.co/saeN1qmaZT

    @TweetThreatNews

    23 Mar 2025

    120 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    1 Reply

    1 Quote

  28. 🚨 Coinbase dodged a bullet—but 218 repos weren’t so lucky. A GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects. 🔍 CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6 🎯 Targets: DockerHub, npm, AWS creds 🕵️‍♂️ Tactics: Fork PRs, dangling

    @TheHackersNews

    23 Mar 2025

    31569 Impressions

    100 Retweets

    265 Likes

    94 Bookmarks

    5 Replies

    7 Quotes

  29. GitHub Actions Supply Chain Attack (tj-actions & reviewdog) update: Team AXON dropped tools to detect secrets leaked via CVE-2025-30066 & CVE-2025-30154: - Secret Scanner - Log Fetcher (Linux/Win) Protect your repos https://t.co/xvmFwGHzH7 https://t.co/kKQEEBRx7b

    @secharvesterx

    22 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🛡️Update on the GitHub Actions Supply Chain Attack Hunters' Team AXON has released a tool designed to help security teams identify secrets compromised by CVE-2025-30066 & CVE-2025-30154 Whether you're responding to the incident or verifying your repos, this tool is for you

    @0x_prostem

    21 Mar 2025

    35 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. GitHub Actions Supply Chain Attack (tj-actions & reviewdog) update: Team AXON dropped tools to detect secrets leaked via CVE-2025-30066 & CVE-2025-30154: 🔍 Secret Scanner 📦 Log Fetcher (Linux/Win) Protect your repos now: https://t.co/MJVP4YcsbD https://t.co/7ULwbITVZ

    @team__axon

    21 Mar 2025

    312 Impressions

    2 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. CVE-2025-30154 reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicio… https://t.co/vw6j6cKUGi

    @CVEnew

    19 Mar 2025

    293 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. [CVE-2025-30154: HIGH] A GitHub action, reviewdog/action-setup, was compromised on March 11, 2025, leading to exposure of secrets on GitHub Actions Workflow Logs. Related actions also impacted.#cybersecurity,#vulnerability https://t.co/8HdzzlViXY https://t.co/tWKDqs77pc

    @CveFindCom

    19 Mar 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations