Over 23,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action, say researchers at StepSecurity.
GitHub Actions is a CI/CD service that allows developers to automate software builds and testing. Workflows run in response to specific events, such as committing new code to a repository. With adoption in over 23,000 repositories, tj-actions/changed-files is a GitHub Action designed to retrieve all files and directories.
Last Friday, a malicious commit in the Action was uncovered whereby bad actors modified its code and retroactively updated multiple version tags to reference the malicious commit. The supply chain compromise has been assigned the CVE identifier CVE-2025-30066 (CVSS score: 8.6). The incident is believed to have taken place sometime before 14 March.
Exposing Secrets
According to StepSecurity researchers: “In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit. The compromised Action prints CI/CD secrets in GitHub Actions build logs. If the workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets. There is no evidence that the leaked secrets were exfiltrated to any remote network destination. Here is the sequence of events that led to this supply chain attack.”
The malefactors compromised a Personal Access Token (PAT) linked to the @tj-actions-bot bot account to which the maintainer used for maintaining the repository, although the exact attack method to compromise this PAT is unknown.
The result of this is that should the workflow logs be publicly accessible, which could lead to the unauthorized exposure of sensitive secrets when the action is run on the repositories. This includes AWS access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA Keys, among others.
The malicious code is designed to run a Python script hosted on a GitHub gist that dumps the CI/CD secrets from the Runner Worker process. It’s said to have originated from an unverified source code commit.
A High-Value Target
GitHub’s CI/CD ecosystem is a high-value target for malicious code injections, comments Jason Soroko, Senior Fellow at Sectigo. “The compromise of tj-actions/changed-files highlights how attackers can retroactively alter version tags to include a hidden payload that extracts and exposes sensitive secrets through build logs. The injected Python script, sourced from an unverified GitHub gist, manipulates trusted workflows to leak AWS keys, GitHub PATs, npm tokens, and private RSA keys. Even without confirmed evidence of active exfiltration, the incident (CVE-2025-30066, CVSS 8.6) exposes systemic vulnerabilities inherent in third-party dependencies and the automation pipeline.”
Entities should strictly pin GitHub Actions dependencies to specific commit SHAs instead of mutable version tags to prevent retroactive malicious updates, Soroko adds. “Security professionals must audit their repositories for usage of the compromised Action and replace or remove it entirely, rotating all potentially exposed secrets including AWS keys, GitHub PATs, npm tokens, and RSA keys. Additionally, establishing allow-lists for approved Actions, employing OpenID Connect (OIDC) instead of static credentials, and continuously monitoring CI/CD environments for abnormal behaviors are best practices to proactively mitigate these kinds of supply chain attacks.”
Highlighting Supply Chain Security
Eric Schwake, Director of Cybersecurity Strategy at Salt Security, says this compromise highlights the critical importance of supply chain security, particularly within CI/CD pipelines, and reveals the potential for widespread exposure of sensitive credentials, including those used for API access.
“Understanding and maintaining a robust API security posture, particularly within automated workflows, is essential for mitigating the risks associated with such attacks,” Schwake says. “Security professionals must recognize that even widely used and seemingly harmless tools can serve as vectors for attack.”
A Trade-off Between Security and Usability
There are several interesting points about this attack that are worth considering, adds Allon Mureinik, Senior Software Engineering Manager at Black Duck. “First, from the perspective of the action that was compromised- the original malicious commit that compromised this GitHub action was made to look as though the Renovate bot authored it, but it unlikely that the bot actually authored this malicious commit. It’s worth noting that this commit was unverified, and having a policy that requires all submissions to the repo be signed may have prevented this attack. Having said that, requiring contributors to sign their commits does add a bit of overhead, and may scare aware novice developers, so maintainers should consider this trade-off between security and usability carefully before making such a decision.”
Second, Mureinik says from the perspective of anyone using this action – the SaaS nature of GitHub actions does not invalidate the basic security best-practices. “The issue was detected by monitoring the network and detecting an anomalous endpoint that appeared in the workflow’s traffic. A GitHub Action is ultimately a piece of software, and like any piece of software, there are SCA solutions to ensure that the version you’re using is patched and up to date. While it may be tempting to shrug all these considerations off as “the platform’s problem”, the responsibility to ensure the security of a software project lies with those who build it, whether it’s built locally or by using a third-party service like GitHub.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.