Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.
The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It’s used to track and retrieve all changed files and directories.
The supply chain compromise has been assigned the CVE identifier CVE-2025-30066 (CVSS score: 8.6). The incident is said to have taken place sometime before March 14, 2025.
“In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit,” StepSecurity said. “The compromised Action prints CI/CD secrets in GitHub Actions build logs.”
The net result of this behavior is that should the workflow logs be publicly accessible, they could lead to the unauthorized exposure of sensitive secrets when the action is run on the repositories.
This includes AWS access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA Keys, among others. That said, there is no evidence that the leaked secrets were siphoned to any attacker-controlled infrastructure.
Specifically, the maliciously inserted code is designed to run a Python script hosted on a GitHub gist that dumps the CI/CD secrets from the Runner Worker process. It’s said to have originated from an unverified source code commit. The GitHub gist has since been taken down.
The project maintainers have stated that the unknown threat actor(s) behind the incident managed to compromise a GitHub personal access token (PAT) used by @tj-actions-bot, a bot with privileged access to the compromised repository.
Following the discovery, the account’s password has been updated, authentication has been upgraded to use a passkey, and its permissions levels have been updated such that it follows the principle of least privilege. GitHub has also revoked the compromised PAT.
“The Personal access token affected was stored as a GitHub action secret which has since been revoked,” the maintainers added. “Going forward no PAT would be used for all projects in the tj-actions organization to prevent any risk of reoccurrence.”
Anyone who uses the GitHub Action is advised to update to the latest version (46.0.1) as soon as possible. Users are also advised to review all workflows executed between March 14 and March 15 and check for “unexpected output under the changed-files section.”
The development once again underscores how open-source software remains particularly susceptible to supply chain risks, which could then have serious consequences for several downstream customers at once.
“As of March 15, 2025, all versions of tj-actions/changed-files were found to be affected, as the attacker managed to modify existing version tags to make them all point to their malicious code,” cloud security firm Wiz said.
“Customers who were using a hash-pinned version of tj-actions/changed-files would not be impacted, unless they had updated to an impacted hash during the exploitation timeframe.”
