
GitHub Data Breach Exposes Thousands of Software Supply Chain Secrets


GitHub Actions, a popular CI/CD service used by developers to automate software builds and testing, is facing a major security threat following a supply chain attack targeting the tj-actions/changed-files GitHub Action. With over 23,000 organizations potentially at risk, researchers at StepSecurity have raised the alarm about the widespread implications of this breach.

The tj-actions/changed-files GitHub Action was designed to retrieve all files and directories within repositories, making it a crucial component in many workflows. However, last Friday, a malicious commit was discovered within the Action: bad actors had altered its code and updated multiple version tags so that they referenced the malicious commit. This supply chain compromise has been assigned the CVE identifier CVE-2025-30066, highlighting the severity of the incident.

One of the most alarming aspects of this attack is the exposure of sensitive secrets through the compromised Action. If workflow logs are publicly accessible, which is often the case in public repositories, unauthorized individuals could potentially access and exploit these exposed secrets. This includes confidential information such as AWS access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA Keys, among others.
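Because the leaked values end up in build logs, a repository owner's first job is to find out which credentials appeared there so they can be rotated. The following is an added example, not code from StepSecurity, GitHub or the tj-actions project; it scans log text for the public formats of the credential types named above (AWS access key IDs, GitHub classic PATs, npm tokens and PEM private-key headers) and reports masked matches. The log lines are constructed, and the AWS key is the documented AWS example key, not a live credential.

```python
"""Scan CI log output for credential formats that should never appear in a log.

Added example (not the project's or GitHub's code). Patterns cover the public
token formats; anything they miss still needs the platform's own secret scanning.
"""
import re
from typing import List, Tuple

# Public formats of the secret types the article lists as exposed.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "npm_token": re.compile(r"\bnpm_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----"),
}


def mask(value: str, keep: int = 8) -> str:
    """Keep only a short prefix so the report itself does not re-leak the secret."""
    if len(value) > keep:
        return value[:keep] + "..."
    return "***"


def scan_log(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, secret_kind, masked_match) for every hit in the log."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, mask(match.group(0))))
    return findings


# Constructed sample log; the AWS key is AWS's documented example key and the
# PAT is a placeholder built from repeated characters, not a real token.
SAMPLE_LOG = "\n".join([
    "Run tj-actions/changed-files@v45",
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "GH_TOKEN=" + "ghp_" + "a" * 36,
    "-----BEGIN RSA PRIVATE KEY-----",
    "Listed 42 files",
])

if __name__ == "__main__":
    for lineno, kind, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {kind} ({masked}) -> rotate this credential")
```

Every hit is a credential to revoke and reissue, not merely a log line to delete: once a public log has been served, the value must be assumed copied.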

The attackers compromised a Personal Access Token (PAT) linked to the @tj-actions-bot bot account, which the maintainer used for repository maintenance. The exact method used to compromise this PAT remains unknown, but the consequence is clear: sensitive secrets are exposed whenever the compromised Action runs on a repository.

The malicious code inserted into the compromised Action is designed to execute a Python script from a GitHub gist, extracting CI/CD secrets from the Runner Worker process. Despite no evidence of exfiltration of leaked secrets to remote networks, the potential damage caused by this breach is significant.

Jason Soroko, Senior Fellow at Sectigo, emphasizes the vulnerability of GitHub’s CI/CD ecosystem to such attacks. The compromise of tj-actions/changed-files underscores the ability of attackers to manipulate version tags retroactively, leading to the exposure of sensitive secrets through build logs. Soroko advocates for stringent measures to mitigate these risks, including pinning GitHub Actions dependencies to specific commit SHAs and conducting thorough audits of repositories to identify and replace compromised components.
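The two measures Soroko recommends, pinning to commit SHAs and auditing repositories for the compromised component, can be checked mechanically. The following is an added example, not code from StepSecurity, GitHub or any of the commentators quoted here. It reads a workflow file, finds every `uses:` reference, and reports references that are pinned to a mutable tag or branch (or to nothing at all) as well as any reference to an action on a watchlist, here seeded with tj-actions/changed-files. The sample workflow is constructed, and the 40-hex-character SHA in it is a placeholder, not a real commit.

```python
"""Audit GitHub Actions workflow files for unpinned or watchlisted `uses:` references.

Added example (not the project's or GitHub's code). Only `uses:` lines are
inspected, with a line regex rather than a YAML parser, so it needs no dependencies.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# `uses: owner/repo[/path]@ref`, optionally as a list item and optionally quoted.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\']+)')
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Actions named in the incident above; every reference to them is reported so the
# owner can review and replace it, even if it is already pinned to a SHA.
WATCHLIST: Set[str] = {"tj-actions/changed-files"}


@dataclass(frozen=True)
class Finding:
    line: int
    action: str
    ref: str     # "" when the reference has no @ref at all
    reason: str  # "watchlist", "mutable-ref" or "no-ref"


def split_reference(spec: str) -> Tuple[str, str]:
    """Split `owner/repo[/path]@ref` into (action, ref); ref is "" if absent."""
    action, _, ref = spec.partition("@")
    return action, ref


def is_sha_pinned(ref: str) -> bool:
    """True only for a full 40-character commit SHA; tags and branches can be moved."""
    return bool(FULL_SHA_RE.match(ref))


def audit_workflow(text: str, watchlist: Iterable[str] = WATCHLIST) -> List[Finding]:
    """Return every `uses:` reference that needs attention, in file order."""
    watch = set(watchlist)
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        spec = match.group(1)
        # Local composite actions and container images are not marketplace actions.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, ref = split_reference(spec)
        if action in watch:
            findings.append(Finding(lineno, action, ref, "watchlist"))
        elif not ref:
            findings.append(Finding(lineno, action, ref, "no-ref"))
        elif not is_sha_pinned(ref):
            findings.append(Finding(lineno, action, ref, "mutable-ref"))
    return findings


# Constructed sample workflow. The setup-node SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: List changed files
        uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - uses: some-org/some-action
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        shown = f"{f.action}@{f.ref}" if f.ref else f.action
        print(f"line {f.line}: {f.reason}: {shown}")
```

Run it over every file under `.github/workflows/` in each repository; a clean audit is one with no `mutable-ref` or `no-ref` findings and no `watchlist` hits left unreviewed. Pinning to a SHA removes the retroactive tag-moving vector this incident used, but the pinned commit itself still has to be one you have reviewed.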

The incident also sheds light on the importance of supply chain security within CI/CD pipelines. Eric Schwake, Director of Cybersecurity Strategy at Salt Security, underscores the critical role of maintaining a robust API security posture to prevent the widespread exposure of sensitive credentials. Schwake highlights the need for vigilance and proactive measures to safeguard automated workflows from potential attacks.

Allon Mureinik, Senior Software Engineering Manager at Black Duck, offers valuable insights into the trade-off between security and usability in the wake of this attack. Mureinik points out the significance of verifying code submissions and implementing policies that require signed commits to prevent unauthorized alterations. He also emphasizes the responsibility of developers to ensure the security of their software projects, regardless of whether they are built locally or through third-party services like GitHub.

In conclusion, the tj-actions/changed-files GitHub Action supply chain attack serves as a stark reminder of the persistent threats faced by developers in the digital landscape. By implementing stringent security measures, conducting regular audits, and prioritizing the protection of sensitive data, organizations can bolster their defenses against malicious actors seeking to exploit vulnerabilities in their CI/CD pipelines.
