3rd Party Risk Management: Governance & Risk Management
Over 23,000 Code Repositories Compromised Following Malicious Code Injection into GitHub Actions
By Mathew J. Schwartz (euroinfosec)
March 17, 2025
In a significant cybersecurity incident, attackers have compromised a popular tool integral to software development on GitHub, potentially exposing sensitive information from over 23,000 private code repositories. The attack involved the injection of malicious code into the tj-actions/changed-files action within GitHub Actions, a framework widely used for automating continuous integration and continuous delivery (CI/CD) workflows. Experts are warning that the stolen credentials could include critical API keys and authentication tokens, paving the way for further infiltration into other software tools.
According to security researchers, the malicious alteration was detected on March 15, 2025, with initial reports indicating that the attackers leveraged the functionality of the changed-files action, which identifies modified files in pull requests or commits. This tool’s ubiquity in both open-source and enterprise environments made it an attractive target. Tomer Filiba, CTO of Sweet, a cloud security firm, noted that the action’s ability to execute workflows conditionally based on file changes is a key reason for its widespread adoption.
Interestingly, the attackers seemed to focus their efforts on executing a supply-chain attack rather than seeking out secrets in public repositories, as stated by Dimitri Stiliadis, CTO of Endor Labs. The real objective appeared to be corrupting the software supply chain linked to open-source libraries and binaries, which are frequently packaged as part of a CI pipeline. This strategic focus on supply-chain vulnerabilities illustrates a concerning trend in cybersecurity, highlighting the potential risks to any public repository involved in these processes.
The malicious code injection was first discovered by StepSecurity, a firm specialized in software supply chain security for GitHub Actions. They issued a warning about the critical security incident, detailing how the attackers had modified the original code while retroactively associating multiple version tags with the compromised commit. This manipulation underscores the complexities inherent in managing third-party integrations within development environments.
At the core of the incident is a vulnerability designated as CVE-2025-30066. The attack involved embedding a malicious Node.js function that directed a download of a specifically crafted Python script. This script was designed to scan the memory of the GitHub Runner, GitHub’s virtual machine infrastructure for job execution, for stored credentials. Michael Clark, director of threat research at Sysdig, clarified that the subsequent output from this Python script was logged within GitHub Actions and could potentially be accessed by attackers to extract sensitive information.
The timeline of the attack is concerning. It commenced on March 12 with the code compromise, transitioning to a point on March 15 when StepSecurity alerted users about the exposure of secrets in public repository logs. GitHub responded by removing the tj-actions/changed-files action and issuing a security warning about the compromised versions ranging from v1 to 45.0.7, which could allow remote attackers to siphon secrets from the build logs. By late on March 15, GitHub had restored the action with all traces of the malicious insertion eliminated.
Organizations using the affected version of tj-actions/changed-files during its window of exploitation may now face high risks regarding the exposure of their secrets through public logs. While private repositories are at a comparatively lower risk, any organization utilizing the compromised action should consider their secrets as potentially compromised. StepSecurity urges all such organizations to conduct thorough searches across repositories for any instances of the tj-actions/changed-files action and to rotate any involved secrets immediately.
This incident exemplifies critical points for business owners to consider within the MITRE ATT&CK framework, specifically in tactics involving initial access, as the attackers made their way into the software supply chain. Such events highlight the importance of robust risk management practices and constant vigilance to protect sensitive information in a rapidly evolving threat landscape. Companies must ensure they have measures in place to detect and respond to such vulnerabilities efficiently.
