Changed-files (pre-v46) Remote Secret Disclosure via Log Reading
CVE-2025-30066 Published on March 15, 2025
tj-actions/changed-files before v46 allows remote attackers to discover secrets by reading Actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because a threat actor modified them to point at commit 0e58ed8, which contained malicious updateFeatures code.)
Known Exploited Vulnerability
This tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading actions logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.
The following remediation steps are recommended / required by April 8, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
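As an added, defender-side example (not part of this advisory or of the tj-actions project), the following Python script audits GitHub workflow text for `uses:` references. It flags any third-party action pinned to a mutable tag or branch rather than a full commit SHA, treats the affected action `tj-actions/changed-files` as high severity when it is not SHA-pinned, and reports a critical finding when a reference starts with the commit prefix 0e58ed8 named above. The regex, the severity labels and the embedded sample workflow (including its placeholder 40-hex SHA) are constructed for this example.

```python
import re

# Matches `uses: owner/repo[/path]@ref` on a step line; a trailing `# comment` is ignored.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\'#]+)', re.MULTILINE)
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

AFFECTED_ACTION = "tj-actions/changed-files"
# Short SHA of the compromised commit as given in the advisory (only the prefix is known here).
MALICIOUS_COMMIT_PREFIX = "0e58ed8"


def classify_uses(action: str, ref: str) -> tuple[str, str]:
    """Return (severity, reason) for one owner/repo[/path]@ref reference."""
    repo = "/".join(action.split("/")[:2]).lower()
    is_full_sha = bool(FULL_SHA_RE.fullmatch(ref.lower()))
    if repo == AFFECTED_ACTION:
        if ref.lower().startswith(MALICIOUS_COMMIT_PREFIX):
            return "critical", "pinned to the compromised commit named in CVE-2025-30066"
        if not is_full_sha:
            return "high", "affected action pinned to a mutable tag/branch (v1..v45.0.7 were repointed)"
        return "ok", "affected action pinned to a full commit SHA"
    if not is_full_sha:
        return "medium", "third-party action pinned to a mutable tag/branch, not a full SHA"
    return "ok", "pinned to a full commit SHA"


def audit_workflow(text: str) -> list[dict]:
    """Scan workflow YAML text and return one finding per remote `uses:` reference."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        # Local composite actions and container images are outside this check.
        if action.startswith("./") or action.startswith("docker://"):
            continue
        severity, reason = classify_uses(action, ref)
        findings.append({"action": action, "ref": ref, "severity": severity, "reason": reason})
    return findings


# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - name: Get changed files
        uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@0e58ed8
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f['severity']:8} {f['action']}@{f['ref']}: {f['reason']}")
```

Run it against the contents of each file under `.github/workflows/`; a "high" or "critical" finding for the affected action is the cue to repin to a full SHA from a trusted release and rotate any secrets that the workflow could have exposed in its logs during the affected window.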
Weakness Type
Embedded Malicious Code
The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Products Associated with CVE-2025-30066
Affected Versions
tj-actions changed-files: versions from 1 up to, but not including, 46 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.