Wake-up Call for GitHub Actions!

A critical supply chain security incident recently shook the open-source community, targeting the widely used tj-actions/changed-files GitHub Action. With over 23,000 repositories relying on this tool — designed to list modified files in commits and pull requests — the compromise, now tracked as CVE-2025-30066, serves as a stark reminder of the potential risks inherent in relying on third-party actions and underscores the urgent need for stringent security practices within CI/CD pipelines.

On March 14th, a significant security breach surfaced within the GitHub Actions ecosystem, centered on the widely used tj-actions/changed-files Action. This Action, essential for identifying modified files in CI/CD workflows, was compromised by the injection of malicious code. For context, it's important to know that GitHub Actions are reusable, often open-source, components that developers can reference in their CI/CD workflows. The tj-actions/changed-files Action, like many others, processes environment variables which can contain sensitive secrets. Therefore, this compromise exposed secrets, API keys, and other credentials in workflow run logs.

StepSecurity researchers apparently first noticed an anomaly in this environment when they observed an unexpected external endpoint during a workflow execution. Their prompt reporting was crucial in alerting the community. The attack involved adversaries modifying the Action's code and retroactively updating numerous version tags to point to a malicious commit. This meant that nearly all historical releases of tj-actions/changed-files were compromised. The injected code executed a Python script to extract CI/CD secrets from the runner's memory and then print them directly into the workflow logs. Notably, no external exfiltration to attacker-controlled servers was observed; the secrets were only visible within the affected repositories' logs. This poses a significant risk to public repositories, where these logs are accessible to anyone with read access.

Further investigation revealed that the compromise of tj-actions/changed-files was potentially linked to an attack on the reviewdog/actions-setup@v1 Action, with vulnerability assigned CVE-2025-30154, indicating a broader breach within the GitHub Actions ecosystem. All versions of tj-actions/changed-files were affected by March 15th, as the attackers had successfully manipulated existing version tags. The root cause was traced to a compromised GitHub Personal Access Token (PAT) belonging to the @tj-actions-bot account. The attackers used this PAT to push the malicious commit and impersonated the "renovate[bot]" user account to make it look like it was coming from a legitimate user. This success was facilitated by a lack of security controls in the tj-actions/changed-files repository, such as requiring signed commits and implementing branch and tag protection rules.

In response, StepSecurity released a secure drop-in replacement, step-security/changed-files, to aid in recovery. In addition, the GitHub gist hosting the malicious script was taken down, and the compromised repository was temporarily removed from the Actions marketplace by GitHub. The maintainers of tj-actions/changed-files also acted swiftly, removing the malicious code, releasing patched versions, and restoring the repository to a safe state, reverting all version tags to clean code.

The compromise of tj-actions/changed-files serves as a stark reminder of the inherent vulnerabilities within the open-source ecosystem, particularly concerning supply chain security. This incident underscores the necessity for rigorous security practices, including thorough assessments, proactive monitoring, and meticulous dependency management. By remaining vigilant and adopting robust security measures, organizations can significantly mitigate the risks associated with such attacks. The trust placed in widely used components must be continually validated to ensure the integrity of CI/CD pipelines.

To effectively navigate the complexities of supply chain security, organizations must prioritize proactive vulnerability detection and response. At Fluid Attacks, we understand the critical nature of these threats and offer specialized solutions to help identify and remediate vulnerabilities, including those stemming from incidents like the tj-actions/changed-files compromise. In fact, we can help you detect and respond to this issue and other vulnerabilities related to supply chain attacks through GitHub Actions. If your organization requires expert support, please get in touch with us. We are committed to empowering you with the tools and expertise to safeguard your development processes.