Cybersecurity experts are raising alarms over a breach involving the popular GitHub Action, tj-actions/changed-files, which has reportedly been manipulated to leak sensitive information from repositories that use it in their continuous integration and continuous delivery (CI/CD) pipelines. This incident is significant, given that the affected action is employed in more than 23,000 repositories for monitoring file changes, raising concerns about the integrity of the development pipelines that depend on it.

The incident, documented on GitHub, points to a supply chain compromise identified as CVE-2025-30066, which has been assigned a CVSS score of 8.6. Initial findings suggest that the breach occurred before March 14, 2025. Such vulnerabilities in development tools can compromise critical workflows and trust in open-source resources.

In a disturbing turn, attackers modified the action’s code and retroactively altered numerous version tags to point to the malicious commit. According to StepSecurity, “The compromised Action prints CI/CD secrets in GitHub Actions build logs.” This means that if the workflow logs were publicly accessible, sensitive credentials like AWS access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys could be inadvertently exposed during execution.

The malicious code was cleverly crafted to execute a Python script hosted on a GitHub gist, designed to extract CI/CD secrets from the Runner Worker process. As of now, it remains unclear whether the extracted secrets were transmitted to any attacker-controlled infrastructure, though the existence of the malicious gist has been confirmed and subsequently removed.

In a statement, Dimitri Stiliadis, CTO of Endor Labs, highlighted that tj-actions/changed-files has become integral to organizational software development pipelines. “It aids developers in detecting changes in files within a repository,” he noted, emphasizing the potential impact on thousands of development operations due to the breach.

In response to this incident, firms like Sysdig have emphasized the increasing risk of supply chain attacks within CI/CD environments. Aqua, another cybersecurity entity investigating the breach, pointed out that the malicious payload had been carefully disguised to evade detection by automated scanning tools, compromising the reliability of not only the affected action but possibly numerous other dependent projects.

Project maintainers disclosed that an unknown adversary managed to gain access to a GitHub personal access token associated with @tj-actions-bot, granting the intruder privileged access to the compromised repository. Following the discovery, immediate measures were enacted, including updating the account’s password, transitioning to passkey authentication, and revising permissions based on the principle of least privilege. GitHub has since revoked the breached PAT, but the impact has already raised alarms across developer communities.

All users of tj-actions/changed-files are advised to upgrade to the latest version (46.0.1) promptly. Furthermore, developers are encouraged to review all workflows executed on March 14 and 15 to identify any unexpected outputs generated under the changed-files section. Previous security concerns regarding tj-actions/changed-files, such as the critical flaw CVE-2023-49291 identified in early 2024, underline the ongoing vulnerabilities present in open-source software and the consequential risks to downstream users.

The breach’s broader implications highlight the vulnerabilities inherent in open-source components within CI/CD pipelines, which can expose many downstream consumers to significant risk. As reported by Wiz, every version of tj-actions/changed-files was found to be compromised as of March 15, 2025, because the version tags had been retroactively moved to point at the malicious code. Organizations utilizing hash-pinned versions would remain unaffected unless they updated to an impacted hash during the exploitation period.
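The hash-pinning point above suggests a simple check a defender can run over their own workflow files. The following is an added example, not code from the article or from the tj-actions project: it scans workflow text for every reference to tj-actions/changed-files and reports whether the reference is a full commit SHA (immutable) or a tag or branch name that an attacker with repository access could move. The sample workflow and the 40-character SHA in it are constructed placeholders, not real values.

```python
import re

# Matches a `uses:` step reference such as "uses: tj-actions/changed-files@v45".
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\'#]+)')
# A full 40-hex commit SHA is the only reference form that cannot be retargeted.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

# Constructed sample workflow (not from any real repository): one step pinned to a
# mutable tag, one pinned to a placeholder commit SHA, and one unrelated action.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files (mutable tag, can be retargeted)
        uses: tj-actions/changed-files@v45
      - name: Detect changed files (immutable commit SHA)
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
"""

def audit_action_refs(workflow_text, action="tj-actions/changed-files"):
    """Return (line_no, ref, pinned) for every `uses:` of `action` in the text.

    `pinned` is True only when the ref is a full commit SHA; tags and branch
    names are mutable and can be moved to a different commit after the fact.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        name, ref = m.group(1), m.group(2)
        if name.lower() != action.lower():
            continue
        findings.append((line_no, ref, bool(FULL_SHA_RE.match(ref))))
    return findings

def unpinned_refs(workflow_text, action="tj-actions/changed-files"):
    """Only the references that rely on a mutable tag or branch name."""
    return [f for f in audit_action_refs(workflow_text, action) if not f[2]]

if __name__ == "__main__":
    for line_no, ref, pinned in audit_action_refs(SAMPLE_WORKFLOW):
        status = "ok (commit SHA)" if pinned else "WARN mutable ref"
        print(f"line {line_no}: {ref} -> {status}")
```

Run it over each file under `.github/workflows/` to list the references that would have followed the moved tags; pinning those to a reviewed commit SHA is the mitigation the article describes.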
