A recent cascading supply chain attack has severely impacted GitHub Actions, putting tens of thousands of repositories at risk by exposing sensitive CI/CD secrets. The breach, which initially targeted the popular “tj-actions/changed-files” utility, has now been traced back to an earlier compromise of the “reviewdog/action-setup@v1” GitHub Action. This revelation has prompted concerns within the developer community about the vulnerabilities in the CI/CD ecosystem. Researchers discovered the malicious code injected into the tj-actions/changed-files utility, identified as CVE-2025-30066, just last week. The Cybersecurity and Infrastructure Security Agency (CISA) has since acknowledged the issue, highlighting the serious nature of the attack.
The compromise allowed attackers to gain access to a wide range of sensitive data, including GitHub Personal Access Tokens (PATs), npm tokens, private RSA keys, and other critical access keys. This breach exposed the secrets within repositories using the compromised GitHub Actions, making it possible for attackers to misuse these secrets for malicious purposes. CISA has confirmed that the vulnerability has been patched in version 46.0.1 of the affected utility. However, the fact that the tj-actions/changed-files utility is employed in over 23,000 repositories means that the potential damage from this attack is vast, affecting a significant portion of the GitHub ecosystem.
Further analysis by security researchers at Wiz has provided a clearer picture of how the attack unfolded. According to their findings, the initial compromise occurred in the v1 tag of the reviewdog/action-setup GitHub Action. This was followed by the injection of malicious code that was designed to capture and dump CI/CD secrets into log files. The attackers used this method to target personal access tokens (PATs), including the one used by the tj-actions system, which was then compromised. Wiz’s report suggests that the breach of reviewdog/action-setup likely served as the gateway for the larger attack on tj-actions/changed-files.
The sophisticated nature of the attack cannot be understated. Attackers inserted a base64-encoded payload into an install script, which then exposed secrets from affected CI workflows in workflow logs. In repositories where the logs were publicly accessible, these secrets became vulnerable to theft, allowing malicious actors to exploit them. This breach underscores the significant risks associated with using third-party CI/CD tools and highlights the need for enhanced security measures to safeguard against such supply chain attacks within the open-source ecosystem.