CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
Briefly

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a serious vulnerability in the tj-actions/changed-files GitHub Action, CVE-2025-30066, to its Known Exploited Vulnerabilities catalog. The flaw lets attackers remotely read sensitive data leaked into workflow action logs, potentially exposing AWS keys, personal access tokens (PATs), and private keys. Security company Wiz suggests that the compromise may be part of a cascading supply chain attack originating from reviewdog/action-setup@v1, which was also infiltrated. The incident occurred around mid-March 2025 and illustrates significant risks in CI/CD pipeline security.
CISA has identified a high-severity flaw in tj-actions/changed-files: malicious code inserted into the action writes sensitive data into action logs, from which attackers can extract it.
The vulnerability may represent a cascading supply chain attack that began with reviewdog/action-setup@v1 and led to the tj-actions compromise.
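The two actions named above were consumed by downstream workflows through mutable version tags, which is what lets a compromised action spread to every pipeline that references it. The standard hardening recommended by GitHub is to pin third-party actions to a full 40-character commit SHA instead of a tag. The following Python script is an added example, not code from the article, CISA, Wiz or either project: it scans a workflow file for `uses:` lines, flags any reference to the two actions named in this incident, and flags any other third-party action that is not pinned to a full SHA. The sample workflow, its version tags, the commit SHA and the severity labels are all constructed for the example.

```python
"""Audit GitHub Actions workflow YAML for third-party actions referenced by a
mutable tag or branch instead of a full commit SHA, and flag the two actions
named in the tj-actions / reviewdog supply chain compromise."""
import re
from pathlib import Path

# Actions named in the incident summary above.
ACTIONS_OF_CONCERN = {"tj-actions/changed-files", "reviewdog/action-setup"}

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo[/path]@ref", as a list item or not, quoted or not.
USES_LINE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)["']?""")


def parse_uses(line: str):
    """Return (owner/repo, ref) for a GitHub-hosted 'uses:' line, else None.
    Local (./path) and docker:// references are not GitHub-hosted actions."""
    m = USES_LINE.match(line)
    if not m:
        return None
    target = m.group(1)
    if target.startswith("./") or target.startswith("docker://"):
        return None
    name, _, ref = target.partition("@")
    parts = name.split("/")
    if len(parts) < 2:
        return None
    return "/".join(parts[:2]), ref


def audit_workflow_text(text: str):
    """Return one finding dict per problematic 'uses:' line in the workflow."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_uses(line)
        if parsed is None:
            continue
        repo, ref = parsed
        pinned = bool(FULL_SHA.match(ref))
        if repo in ACTIONS_OF_CONCERN:
            severity = "high"
            reason = "action named in the tj-actions/reviewdog compromise"
        elif not pinned:
            severity = "medium"
            reason = "third-party action not pinned to a full commit SHA"
        else:
            continue  # pinned and not of concern: nothing to report
        findings.append({"line": lineno, "action": repo, "ref": ref,
                         "pinned": pinned, "severity": severity, "reason": reason})
    return findings


def audit_workflow_file(path):
    """Convenience wrapper: audit a workflow file on disk."""
    return audit_workflow_text(Path(path).read_text(encoding="utf-8"))


# Constructed sample workflow (not from the page); tags and the SHA are made up.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-lint
      - name: Detect changed files
        uses: tj-actions/changed-files@v45
      - uses: "reviewdog/action-setup@v1"
"""

if __name__ == "__main__":
    for f in audit_workflow_text(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: [{f['severity']}] {f['action']}@{f['ref']} - {f['reason']}")
```

Run against a real repository with `audit_workflow_file(".github/workflows/ci.yml")`. The script deliberately reports the two named actions even when they are SHA-pinned, since a pinned reference still needs a human to confirm the SHA predates the compromise; everything else is judged purely on whether it is pinned.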
Read at The Hacker News