SecurityWeek
Popular GitHub Action Targeted in Supply Chain Attack

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.


A popular GitHub Action has been compromised in a supply chain attack apparently targeting secrets associated with continuous integration and continuous delivery (CI/CD).

The targeted GitHub Action is called ‘tj-actions/changed-files’. Tj-actions provides GitHub Actions for streamlining CI/CD processes. Changed-files, which is actively used in over 23,000 repositories, is designed for tracking file and directory changes.

According to StepSecurity, a security company specializing in GitHub Actions, the incident started on March 14 and involved a threat actor modifying the Changed-files code to execute a malicious Python script designed to dump CI/CD secrets to build logs.

“If the workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets,” StepSecurity said.

While the security firm has seen multiple public repositories leaking secrets in build logs that can be accessed by anyone, it noted that there is no evidence of the leaked secrets being exfiltrated. 

Most of the existing Changed-files version tags were repointed to the malicious commit, so any workflow that referenced the action by tag rather than by full commit SHA picked up the malicious code on its next run. The CVE identifier CVE-2025-30066 has been assigned to this incident.

Software supply chain security firm Endor Labs has also tracked this incident and found no evidence that downstream open source libraries or containers have been impacted.

“The attacker was likely not looking for secrets in public repositories — they are already public. They were likely looking to compromise the software supply chain for other open source libraries, binaries, and artifacts created with this. Any public repository that creates packages or containers as part of a CI pipeline could have been impacted. That means potentially 1,000s of open source packages have the potential to have been compromised,” Endor said in a blog post.


“This can also apply to enterprise organizations that have both private and public repositories. If these repositories share CI/CD pipeline secrets for artifact or container registries, these registries can be potentially compromised,” the company added.

On March 15, GitHub removed the tj-actions/changed-files action and restored it on the same day after the malicious commit was removed from all tags and branches. 

Tj-actions developers and the security firms have shared recommendations on checking for indicators of compromise (IoCs) and incident response steps. 
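The two points above, that the action was consumed through mutable version tags that were repointed to the malicious commit, and that the maintainers and security firms recommend auditing workflows for exposure, can be illustrated with a small audit and pinning script. This is an added example, not code from tj-actions, StepSecurity, Endor Labs or GitHub; the workflow files it scans are constructed, the 40-hex commit SHA in them is a placeholder, and the tag-to-commit mapping used for pinning is assumed to come from the operator's own verification of the cleaned-up repository.

```python
import re

# Constructed sample workflow files (not from any real repository). They
# reference the action by mutable tag, by branch, and by a full commit SHA.
SAMPLE_WORKFLOWS = {
    ".github/workflows/ci.yml": """\
name: CI
on: [pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: changed
        uses: tj-actions/changed-files@v45
      - run: echo "${{ steps.changed.outputs.all_changed_files }}"
""",
    ".github/workflows/release.yml": """\
name: Release
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: tj-actions/changed-files@main
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
""",
}

# A `uses:` line, capturing the owner/repo@ref spec up to whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TARGET = "tj-actions/changed-files"


def classify_ref(ref):
    """'sha' for a full 40-hex commit pin; anything else (tag, branch) is mutable."""
    return "sha" if SHA_RE.match(ref) else "mutable"


def find_action_refs(text, action=TARGET):
    """Return [(ref, kind)] for every `uses:` line that references `action`."""
    results = []
    for m in USES_RE.finditer(text):
        spec = m.group(1)
        if "@" not in spec:          # local (./path) or docker:// references
            continue
        name, ref = spec.rsplit("@", 1)
        if name.lower() == action:   # action names are case-insensitive
            results.append((ref, classify_ref(ref)))
    return results


def audit(workflows, action=TARGET):
    """Return [(path, ref)] for every mutable (tag/branch) reference to `action`.

    A tag can be moved to a different commit, which is exactly what happened in
    this incident, so only full-SHA pins are treated as safe."""
    findings = []
    for path, text in workflows.items():
        for ref, kind in find_action_refs(text, action):
            if kind == "mutable":
                findings.append((path, ref))
    return findings


def pin_references(text, resolved, action=TARGET):
    """Rewrite mutable refs to `action` as full-SHA pins using `resolved` {ref: sha}.

    `resolved` is assumed to contain commits the operator has verified; the
    original ref is kept as a trailing comment so the version stays readable."""
    def repl(m):
        spec = m.group(1)
        if "@" not in spec:
            return m.group(0)
        name, ref = spec.rsplit("@", 1)
        if name.lower() != action or classify_ref(ref) == "sha" or ref not in resolved:
            return m.group(0)
        return m.group(0).replace(spec, f"{name}@{resolved[ref]}  # {ref}")
    return USES_RE.sub(repl, text)


if __name__ == "__main__":
    for path, ref in audit(SAMPLE_WORKFLOWS):
        print(f"{path}: mutable reference {TARGET}@{ref}")
```

Running the script lists the two mutable references (`v45` and `main`) and ignores the SHA-pinned one. Re-pinning only helps if the SHA you pin to is one you have actually reviewed; a tag that already points at a bad commit will simply be frozen in its bad state.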

There has been some speculation about the incident: some believe it was the work of an unsophisticated threat actor, while others suggest it was merely an attempt to raise awareness of the risks.

One researcher pointed out that one year ago he published a blog post describing a theoretical attack scenario targeting tj-actions/changed-files.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
