What is tj-actions/changed-files?
tj-actions/changed-files is a popular GitHub Actions workflow component used to detect which files changed in a pull request or push event. It is referenced by over 23,000 public repositories and countless private repositories to automate CI/CD pipeline decisions based on which files were modified. GitHub Actions workflows run in a CI/CD context with access to repository secrets — AWS credentials, API keys, GitHub PATs, npm tokens, and deployment keys — making supply chain attacks on widely used Actions extremely high-impact.
Overview
CVE-2025-30066 is an embedded malicious code vulnerability (CWE-506) in the tj-actions/changed-files GitHub Action. On March 14, 2025, an attacker holding a compromised credential with write access to the tj-actions repository injected a malicious payload into the Action's code and force-moved every existing version tag to the malicious commit. Any CI/CD workflow that ran tj-actions/changed-files@<any tag> after that point executed the payload, which dumped the secrets available to the job (AWS credentials, GitHub PATs, npm tokens, RSA keys) into the workflow run log; on public repositories those logs are world-readable. Coinbase appears to have been the initial target; the broader attack affected thousands of repositories globally.
Affected Versions
| Product | Vulnerable | Fixed |
|---|---|---|
| tj-actions/changed-files | All version tags (v1 through v45.x) repointed to the malicious commit on March 14–15, 2025 | Tags restored to their legitimate commits on March 15, 2025; v46.0.1 is the first release published after the compromise |
Workflows using @vN or @main tags were affected. Pinned workflows using @<full commit SHA> were not affected if the commit predated the compromise.
Technical Details
The attacker gained control of the repository through a compromised personal access token belonging to the tj-actions-bot account, which had write access to the repository. The token was most likely obtained via the earlier compromise of reviewdog/action-setup, an Action used in tj-actions' own workflows (see CVE-2025-30154). Once in control:
- Tag rewriting: the attacker force-updated every existing version tag (v1 through v45) to point to a single new commit containing the injected code, instead of the legitimate historical commits. The existing commits were untouched; only the tag references moved.
- Malicious payload: the injected code in the Action's compiled dist/index.js fetched a Python script that read the memory of the runner's Runner.Worker process through /proc/<pid>/mem, extracted the secret values held there (which include every secrets.* value the job could access), and printed them double-base64-encoded to the workflow run log.
- Exfiltration via logs: no callback server was required. On public repositories, workflow run logs are world-readable, so anyone, including the attacker, could collect the dumped secrets simply by reading the logs. On private repositories the logs are still readable by everyone with read access to the repository.
Secrets commonly exposed:
- AWS IAM access keys and secret keys
- GitHub Personal Access Tokens (with repo/admin scopes)
- npm publish tokens
- Docker Hub credentials
- SSH private keys for deployment
- Stripe, Twilio, and other API service keys
Workflows that pinned to a commit SHA were safe: uses: tj-actions/changed-files@a0585ff01f97bad (abbreviated here; a real pin uses the full 40-character SHA) would not have been affected, because the commits themselves were not modified, only the tags that pointed at them.
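As an added example (not code from the tj-actions project or from GitHub), the scanner below reads workflow files and reports every uses: reference that is not pinned to a full 40-character commit SHA, which is exactly the condition that left a workflow exposed to the tag rewrite. It also shows how to rewrite a line to a SHA you have reviewed. The sample workflow and the 40-character SHA in it are constructed placeholders, not real commits.

```python
"""Find GitHub Actions references that are not pinned to a full commit SHA.

Added example, not code from the tj-actions project or from GitHub. The sample
workflow below is constructed for illustration, and the 40-character SHA in it
is a placeholder rather than a real commit.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Right-hand side of a `uses:` line: owner/repo[/subdir]@ref. Local actions
# (./path) and docker:// images carry no owner/repo@ref and are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?"
    r"(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:/[^@\s'\"]+)?)"
    r"@(?P<ref>[^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line_no: int
    action: str
    ref: str
    kind: str  # "sha", "short_sha" or "mutable"


def classify_ref(ref: str) -> str:
    """A full SHA is immutable; anything else can be moved by the repo owner."""
    if FULL_SHA_RE.match(ref):
        return "sha"
    if re.fullmatch(r"[0-9a-f]{7,39}", ref):
        return "short_sha"  # abbreviated SHAs are not an accepted immutable pin
    return "mutable"  # tag (v45) or branch (main)


def audit_workflow(text: str) -> list:
    """Return a Finding for every owner/repo@ref reference in one workflow."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action, ref = m.group("action"), m.group("ref")
            findings.append(Finding(n, action, ref, classify_ref(ref)))
    return findings


def unpinned(findings: list) -> list:
    return [f for f in findings if f.kind != "sha"]


def audit_directory(workflows_dir: str) -> dict:
    """Map each *.yml / *.yaml under workflows_dir to its unpinned references."""
    result = {}
    for path in sorted(Path(workflows_dir).glob("*.y*ml")):
        bad = unpinned(audit_workflow(path.read_text(encoding="utf-8")))
        if bad:
            result[str(path)] = bad
    return result


def pin_line(line: str, sha: str) -> str:
    """Rewrite one uses: line to a full SHA you have reviewed, keeping the old
    ref as a trailing comment so the intended version stays visible."""
    m = USES_RE.match(line)
    if not m or not FULL_SHA_RE.match(sha):
        raise ValueError("not a uses: line, or sha is not a full 40-hex SHA")
    start, end = m.span("ref")
    return f"{line[:start]}{sha}{line[end:]}  # {m.group('ref')}"


# Constructed sample: two mutable refs, one full-SHA pin (placeholder), one
# local action that carries no ref at all.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  changed:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files
        uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b  # placeholder SHA
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = audit_directory(sys.argv[1])
    else:
        hits = {"<sample>": unpinned(audit_workflow(SAMPLE_WORKFLOW))}
    for path, findings in hits.items():
        for f in findings:
            print(f"{path}:{f.line_no}: {f.action}@{f.ref} ({f.kind})")
```

Run it with the path to a .github/workflows directory to list every mutable reference; with no argument it audits the constructed sample. The SHA handed to pin_line must come from a commit you have actually reviewed, not from resolving the tag at the moment of pinning, since a moved tag would resolve to the attacker's commit.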
Discovery
StepSecurity reported the compromise publicly on March 14, 2025 after its Harden-Runner anomaly detection flagged unexpected behaviour in runs of the Action. The investigation that followed, including work by Wiz Research and Palo Alto Unit 42, established the scope of the tag rewrite and traced the targeted first stage to Coinbase.
Exploitation Context
The attack first targeted Coinbase's CI/CD pipeline (the coinbase/agentkit repository), with the broader tag rewrite appearing to be a "spray" to collect credentials from the thousands of repositories referencing the Action. The same threat actor had earlier compromised reviewdog/action-setup (CVE-2025-30154), a GitHub Action used in tj-actions' own workflows, which is the likely route to the tj-actions-bot token; the sequence indicates a methodical supply chain escalation from one Action to its downstream consumers.
Wiz Research estimated ~23,000 public repositories were affected, with an unknown number of private repositories. The incident became a landmark case study in GitHub Actions supply chain security.
Remediation
- Pin all GitHub Actions to full commit SHAs: uses: tj-actions/changed-files@<full-sha> instead of @v45 or @main. Whoever controls a repository can move a tag or branch to any commit, but cannot change what a commit SHA resolves to, so SHA pinning is the only reliable defense against tag rewriting. Review the new commit each time you update a pin.
- Immediately rotate every credential that was available to workflows running the compromised Action between March 14 and 15, 2025: AWS keys, GitHub PATs, npm tokens, SSH keys, and any other secrets. Treat them as exposed even if the run logs are private.
- Audit CI/CD logs for long base64-encoded strings in unexpected positions; the dump payload wrote its output to the log as a base64 blob.
- Review and minimize the secrets available to workflows: give each secret the minimum required scope, prefer short-lived credentials (for example OIDC federation to cloud providers) over long-lived keys, and limit which jobs can read them.
- Follow the mitigation steps in the CISA alert listed under References.
- In the repository or organization Actions settings, require approval for workflow runs from outside contributors and restrict which actions may run via an allow-list policy, and audit which actions your workflows invoke.
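To make the log audit concrete, here is an added example (not code from tj-actions, GitHub or any of the vendors cited on this page) that scans run log lines for long base64 runs, peels up to two encoding layers, since the payload encoded its dump twice, and reports lines whose decoded text contains credential-like markers. The log lines and every token in them are constructed fakes.

```python
"""Scan CI run logs for base64 blobs that decode, through one or two layers,
to credential-looking text.

Added example, not code from tj-actions, GitHub or any cited vendor. The log
lines below are constructed; every token and key in them is fake.
"""
import base64
import binascii
import re
import sys

# A run of at least 40 base64-alphabet characters, optionally padded.
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# Substrings that commonly appear in leaked CI secrets. Extend for your stack.
SECRET_MARKERS = (
    "AKIA",                  # AWS access key id prefix
    "AWS_SECRET_ACCESS_KEY",
    "ghp_", "github_pat_",   # GitHub personal access tokens
    "npm_",                  # npm granular tokens
    "-----BEGIN",            # PEM-encoded private keys
)


def _is_text(s: str) -> bool:
    return all(ch.isprintable() or ch in "\r\n\t" for ch in s)


def decode_layers(blob: str, max_depth: int = 2):
    """Peel up to max_depth base64 layers; return (layers, text) or None.

    Input that is not valid base64, or that decodes to binary rather than
    text, is discarded so that digests and similar noise do not produce hits.
    """
    current = blob
    for depth in range(1, max_depth + 1):
        try:
            text = base64.b64decode(current, validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            return None
        if not _is_text(text):
            return None
        # The decoded text is itself a single base64 run: peel another layer.
        if depth < max_depth and B64_RUN_RE.fullmatch(text):
            current = text
            continue
        return depth, text
    return None


def scan_log(lines) -> list:
    """One hit per log line whose decoded base64 content contains a marker."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for m in B64_RUN_RE.finditer(line):
            decoded = decode_layers(m.group(0))
            if decoded is None:
                continue
            layers, text = decoded
            markers = [mk for mk in SECRET_MARKERS if mk in text]
            if markers:
                hits.append({"line": n, "layers": layers, "markers": markers})
    return hits


def _b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


# Constructed sample log. Line 3 mimics the double-encoded dump the payload
# wrote to the log; line 4 is a single-encoded PEM key; line 2 is benign noise
# (a hex digest that is valid base64 but decodes to binary, not text).
FAKE_SECRETS = (
    "AWS_ACCESS_KEY_ID=AKIAFAKEFAKEFAKE0000\n"
    "GITHUB_TOKEN=ghp_notarealtoken0000000000000000\n"
)
FAKE_PEM = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\nfake\n-----END OPENSSH PRIVATE KEY-----\n"
)
SAMPLE_LOG = [
    "Run tj-actions/changed-files@v45",
    "Image digest: sha256:" + "ab" * 32,
    _b64(_b64(FAKE_SECRETS)),
    "DEPLOY_KEY=" + _b64(FAKE_PEM),
    "All files changed: src/app.py src/util.py",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = [l.rstrip("\n") for l in fh]
    else:
        lines = SAMPLE_LOG
    for hit in scan_log(lines):
        print(f"line {hit['line']}: {hit['layers']} base64 layer(s), markers {hit['markers']}")
```

Point it at a downloaded run log (gh run view --log writes one) to triage quickly; a hit with two layers on a step that should print nothing but file names is the signature to look for. The marker list is deliberately short and should be extended with the prefixes of whatever tokens your own workflows hold.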
Key Details
| Property | Value |
|---|---|
| CVE ID | CVE-2025-30066 |
| Vendor / Product | tj-actions — changed-files GitHub Action |
| NVD Published | 2025-03-15 |
| NVD Last Modified | 2025-11-05 |
| CVSS 3.1 Score | 8.6 |
| CVSS 3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| Severity | HIGH |
| CWE | CWE-506 |
| CISA KEV Added | 2025-03-18 |
| CISA KEV Deadline | 2025-04-08 |
| Known Ransomware Use | No |
CVSS 3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | None |
| User Interaction (UI) | None |
| Scope (S) | Changed |
| Confidentiality (C) | High |
| Integrity (I) | None |
| Availability (A) | None |
Timeline
| Date | Event |
|---|---|
| 2025-03-14 | Attacker uses a compromised tj-actions-bot token to push a malicious commit and force-move every existing version tag to it; the compromise is detected and reported publicly the same day |
| 2025-03-15 | tj-actions restores the tags to their legitimate commits; CVE-2025-30066 assigned and published in NVD |
| 2025-03-18 | CISA adds CVE-2025-30066 to the KEV catalog and publishes an alert with mitigation instructions |
| 2025-04-08 | CISA BOD 22-01 remediation deadline |
References
| Resource | Type |
|---|---|
| GitHub Security Advisory — tj-actions/changed-files Compromise | Vendor Advisory |
| CISA Alert — Supply Chain Compromise of tj-actions/changed-files | US Government |
| NVD — CVE-2025-30066 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |
| Wiz Research — tj-actions Supply Chain Attack Analysis | Security Research |
| Palo Alto Unit 42 — tj-actions Supply Chain Attack | Security Research |