HomeCII/OTUpdate Your GitHub Workflows immediately

Update Your GitHub Workflows immediately

Published on

spot_img

A critical security vulnerability (CVE-2025-30066) in the popular third-party GitHub Action, tj-actions/changed files, has been identified, putting sensitive information at risk. The flaw exposed valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys, prompting an urgent call for users to update to the patched version 46.0.1 to safeguard their repositories and workflows.

tj-actions/changed-files is a widely used GitHub Action that helps track file modifications in pull requests and commits, aiding developers in automating CI/CD workflows. However, a recent supply chain compromise allowed attackers to exploit a security weakness in this action, potentially leading to information disclosure risks. The vulnerability was discovered by StepSecurity Harden-Runner and has been promptly addressed in the latest patch.

The compromise, occurring between March 14 and March 15, 2025, involved malicious actors modifying versions v1 through v45.0.7 to point to commit 0e58ed8, which contained harmful code. This alteration enabled attackers to access action logs and possibly extract sensitive credentials. GitHub and the maintainer of tj-actions/changed-files acted swiftly to remove the compromised commit from all tags and branches, issuing a fix in version 46.0.1 and urging users to update promptly to prevent further exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog, highlighting the severity of the issue. CISA strongly recommends organizations to follow mitigation steps to enhance security when utilizing third-party GitHub Actions.

To mitigate the risk posed by the compromised action, users are advised to review workflows for any suspicious activity, update to the latest version (v46.0.1), rotate any potentially exposed secrets, and enhance security measures for third-party actions. The compromise of tj-actions/changed-files serves as a poignant example of supply chain attacks affecting the open-source community, underscoring the cascading impact a single compromised dependency can have across various sectors.

Key risks stemming from CVE-2025-30066 include the exposure of sensitive credentials, potential unauthorized access, and wide-scale repercussions due to the action’s popularity. In light of this incident, cybersecurity experts recommend regularly auditing dependencies, enabling GitHub’s security features, restricting workflow permissions, implementing zero-trust principles, and staying informed through security advisories.

In conclusion, the compromise of tj-actions/changed-files underscores the escalating risks associated with supply chain attacks in software development. By prioritizing security measures such as updating dependencies, restricting permissions, and monitoring for vulnerabilities, developers and organizations can mitigate similar attacks in the future. By adhering to CISA’s recommendations and proactive security practices, the risk of supply chain attacks can be significantly reduced, ensuring a more secure software development environment.

Source link

Latest articles

Progress Restores ShareFile Storage Access Following Security Warning

Progress Restores Access to ShareFile After Temporary Service Suspension Due to Security Threat Following a...

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...

More like this

Progress Restores ShareFile Storage Access Following Security Warning

Progress Restores Access to ShareFile After Temporary Service Suspension Due to Security Threat Following a...

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...