CVE-2025-30066

Name: CVE-2025-30066
Creator: NVD / NIST
Published: 2025-03-15T06:15:12.193+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10Actively ExploitedEPSS 41.01%

Last modified Jun 17, 2026

CVE-2025-30066 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.). CISA has confirmed active exploitation in the wild. EPSS estimates a 41.01% chance of exploitation in the next 30 days.

Description

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

41.01%

98.5th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Apr 8, 2025.

Weakness Enumeration

CWE-506

Affected Software

Vendor	Product	Versions
Tj-Actions	Changed-Files	<= 45.0.7

References

https://blog.gitguardian.com/compromised-tj-actions/Exploit, Third Party Advisory
https://github.com/chains-project/maven-lockfile/pull/1111Issue Tracking
https://github.com/espressif/arduino-esp32/issues/11127Issue Tracking
https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193Product
https://github.com/modal-labs/modal-examples/issues/1100Issue Tracking
https://github.com/rackerlabs/genestack/pull/903Issue Tracking
https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28Product
https://github.com/tj-actions/changed-files/issues/2463Issue Tracking
https://github.com/tj-actions/changed-files/issues/2464Issue Tracking
https://github.com/tj-actions/changed-files/issues/2477Issue Tracking
https://news.ycombinator.com/item?id=43367987Issue Tracking, Third Party Advisory
https://news.ycombinator.com/item?id=43368870Issue Tracking, Third Party Advisory
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/Third Party Advisory
https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/Mitigation, Third Party Advisory
https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463Issue Tracking
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromisedExploit, Mitigation, Third Party Advisory
https://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respondThird Party Advisory
https://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attackThird Party Advisory
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066Third Party Advisory
https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30066US Government Resource

Timeline

Published: Mar 15, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-30066?

How severe is CVE-2025-30066?

CVE-2025-30066 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 41.01% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2025-30066?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-30066?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST