Vulnerability Alert: tj‑actions/changed‑files
Recent investigations have confirmed a supply chain compromise of the widely adopted GitHub Action tj‑actions/changed‑files. Nearly every tagged version, from early releases through v45.0.7, was retroactively repointed to a single malicious commit (hash 0e58ed8671d6b60d0890c21b07f8835ace038e67). This update examines how the compromise works, the timeline of events, and the remediation taken by GitHub and security researchers. We also provide updated mitigation recommendations to protect CI/CD pipelines against similar attacks.


Introduction
GitHub Actions are integral to modern continuous integration and delivery (CI/CD) pipelines. However, the widespread use of third‑party Actions introduces inherent risks into the software supply chain. Recent evidence now shows that the tj‑actions/changed‑files Action—employed by over 23,000 repositories—has been compromised by an attacker who modified nearly all git tags for each released version so that they reference a single, malicious commit. This post details the latest findings, including the timeline of the tag repointing, GitHub’s response, and best practices for mitigating similar risks.
Technical Analysis
Compromise Mechanics
The core issue is that Git tags are mutable. The Action had been published under many tags (v1.0.0 through v45.0.7), and the attacker force-updated nearly all of them so that each now resolves to the malicious commit (hash 0e58ed8671d6b60d0890c21b07f8835ace038e67). That commit injects a shell snippet which, on Linux runners, downloads a Python script from a remote gist and runs it with sudo. The script reads the memory of the GitHub Actions runner worker process, extracts the secrets it holds (the job's GitHub token and any other secrets exposed to the job), and prints them into the build log as a double base64 encoded string. The encoding matters: GitHub masks exact secret values in logs, but not their encoded form, so the blob is written out unredacted.
For example, the injected payload includes the following snippet:

Once decoded (by piping the output twice through a base64 decoder), the exfiltrated data reveals the secret names and values. Public repositories are especially exposed, since their build logs are readable by anyone; in private repositories the same secrets are visible to anyone with read access to the workflow logs.
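The decoding step described above, as an added example that is not part of the original post or of the tj‑actions project: a small shell script that scans workflow log lines for a candidate blob, strips both base64 layers, and lists the secret names so they can be rotated. The log lines, secret names and values are constructed for the example; the record regex assumes the `"NAME":{"value":"...","isSecret":true}` shape of the runner's in-memory secret entries; and the script assumes GNU coreutils (`base64 -d`) and `grep -E`.

```shell
#!/bin/sh
# Added example (not code from the original post or the tj-actions project):
# scan GitHub Actions log lines for the double base64 encoded blob that the
# malicious commit printed, decode it, and list which secret names leaked.
# Assumes GNU coreutils base64 (-d) and grep -E. All log lines are constructed.
set -u

# Assumed record shape (the runner's in-memory secret entries):
#   "NAME":{"value":"...","isSecret":true}
# This ERE matches one such record in the decoded text.
SECRET_RECORD_RE='"[^"]+":\{"value":"[^"]*","isSecret":true\}'

# Write a constructed log to $1: a normal step line, a commit SHA (a 40-hex
# token that must not be mistaken for a blob) and one double-encoded blob
# built from two fake secret records. tr -d '\n' stands in for base64 -w 0.
build_sample_log() {
  records='"GITHUB_TOKEN":{"value":"ghs_EXAMPLE000","isSecret":true}
"NPM_TOKEN":{"value":"npm_EXAMPLE000","isSecret":true}'
  blob=$(printf '%s\n' "$records" | base64 | tr -d '\n' | base64 | tr -d '\n')
  {
    echo "Run tj-actions/changed-files@v45"
    echo "HEAD is now at 0e58ed8671d6b60d0890c21b07f8835ace038e67"
    echo "$blob"
    echo "Post job cleanup."
  } > "$1"
}

# Print every secret record recoverable from the log file $1.
extract_leaked_secrets() {
  grep -oE '[A-Za-z0-9+/=]{40,}' "$1" | while read -r blob; do
    # First layer. NULs are stripped so binary garbage (e.g. a decoded hex
    # SHA) does not upset the shell; such garbage fails the next check.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tr -d '\0')
    printf '%s' "$inner" | grep -qE '^[A-Za-z0-9+/=]+$' || continue
    # Second layer: only now do we have the plaintext records.
    printf '%s' "$inner" | base64 -d 2>/dev/null | tr -d '\0' \
      | grep -aoE "$SECRET_RECORD_RE" || true
  done
}

# Print just the leaked secret names, one per line, as a rotation list.
leaked_secret_names() {
  extract_leaked_secrets "$1" | sed -E 's/^"([^"]+)".*/\1/' | sort -u
}

# Stand-alone usage: build the sample log and report on it.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp)
  build_sample_log "$tmp"
  leaked_secret_names "$tmp"
  rm -f "$tmp"
fi
```

Run it as `sh decode_log.sh --demo` to see the constructed case, or call `leaked_secret_names` on a downloaded raw job log. The alphabet check between the two decodes is what keeps ordinary 40-hex commit SHAs, which happen to be valid base64, from producing false hits.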
Latest Developments and Timeline
Recent community reports and GitHub Issue discussions have provided further insight into the rapid repointing of tags:
- Narrow Repointing Window:
Analysis of workflow logs places the repointing on March 14, 2025. One report observed a known-good run using the v45 tag (resolving to the expected commit) at approximately 17:47 UTC, while a subsequent run at around 20:05 UTC fetched the malicious commit. This narrow window is corroborated by a comment from varunsh-coder on GitHub Issue #2463 noting that one tag (v35.9.3) had been updated only three hours earlier, which strongly suggests the attacker repointed many tags in rapid succession.
- GitHub’s Remediation Actions:
In response to the incident, GitHub has removed the tj‑actions/changed‑files Action from its marketplace to prevent its further use in new workflows. However, repositories referencing the Action by mutable tags remain at risk until those workflows are updated.
- CVE Assignment:
The National Vulnerability Database (NVD) has published CVE‑2025‑30066 for this compromise. The latest CVE details reflect a CVSS v3.1 score of 8.6 (High), emphasizing the potential for remote attackers to leak secrets from publicly exposed logs.
Comparison with Previous Vulnerabilities
It is important to note that this supply chain attack is distinct from earlier vulnerabilities in the Action. For example, a previous command injection vulnerability (CVE‑2023‑51664) was addressed in version 41.0.0. In contrast, the current compromise involves retroactive modification of version tags and exfiltration of sensitive CI/CD secrets through log output.
Impact and Recommendations
Potential Impact
- CI/CD Pipeline Integrity:
The compromised Action directly undermines the confidentiality of secrets, particularly in public repositories. An attacker could use leaked tokens to gain unauthorized access to sensitive systems.
- Supply Chain Trust:
This incident reinforces the risks associated with third‑party Actions—especially when teams reference Actions by mutable version tags rather than immutable commit hashes.
Recommended Mitigation Strategies
- Immediate Removal:
Cease using tj‑actions/changed‑files in all workflows immediately. GitHub has removed the Action from its marketplace, but organizations must update any existing workflows that reference it.
- Audit Your CI/CD Workflows:
Use GitHub code search or a third‑party code indexing solution to identify every repository and workflow file that references the compromised Action. Check references by tag first, but also confirm that no workflow is pinned directly to the malicious commit SHA.
- Secret Rotation:
Review the logs of every workflow run that used the Action during the affected window for the encoded blob, and rotate any token it reveals. Because GitHub's automatic log masking only redacts exact secret values and does not catch base64 encoded output, treat every secret that was available to an affected job as compromised and rotate it even if you cannot find it in the logs.
- Immutable References:
Pin GitHub Actions to a full commit SHA rather than a version tag; a SHA cannot be repointed the way a tag can. Pinning only helps if the pinned commit is itself trustworthy, so verify the SHA against the upstream release before adopting it, and check that the actions you pin do not in turn reference other actions by mutable tag.
- Enhanced Monitoring:
Implement runtime security monitoring (e.g., Harden‑Runner) to detect anomalous network activity or unauthorized memory access on CI/CD runners. This extra layer of defense can provide early warning in the event of future supply chain attacks.
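The audit and immutable-reference steps above, as an added example that is not part of the original post or of the tj‑actions project: a shell script that walks `.github/workflows`, reports every `uses:` reference that is not pinned to a full commit SHA, and separately flags any reference to the known-bad commit, since a workflow pinned directly to that SHA is compromised even though it follows the pinning advice. The two workflow files are constructed, the all-zero checkout SHA is a placeholder rather than a real release commit, and the script assumes `grep -r` and a POSIX awk.

```shell
#!/bin/sh
# Added example (not code from the original post or the tj-actions project):
# audit the workflow files under a checkout for `uses:` references that are
# not pinned to a full 40-hex commit SHA, and flag any reference to the
# known-bad tj-actions/changed-files commit. Assumes grep -r and POSIX awk;
# the workflow files below are constructed, and the all-zero SHA is a
# placeholder, not a real release commit.
set -u

KNOWN_BAD_SHA=0e58ed8671d6b60d0890c21b07f8835ace038e67

# Write two constructed workflows under $1/.github/workflows.
build_sample_workflows() {
  mkdir -p "$1/.github/workflows"
  cat > "$1/.github/workflows/ci.yml" <<'EOF'
name: ci
on: [push, pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Mutable tag: whoever can move the upstream tag decides what runs here.
      - uses: tj-actions/changed-files@v45
        id: changed
      - uses: ./.github/actions/local-lint
EOF
  cat > "$1/.github/workflows/release.yml" <<'EOF'
name: release
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Pinned to a full commit SHA (placeholder value), tag kept as a comment.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
      # Pinned, but to the malicious commit itself: pinning is not a guarantee.
      - uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67
EOF
}

# Print "file:line: owner/repo@ref" for every uses: whose ref is not a
# 40-hex SHA. Local actions (./...) and docker:// images cannot be SHA
# pinned this way and are skipped rather than reported.
find_unpinned_uses() {
  grep -rnE '^[[:space:]-]*uses:' "$1" | awk -v sq="'" '
  {
    file = $0; sub(/:.*$/, "", file)            # grep -rn prefix: file
    rest = substr($0, length(file) + 2)
    line = rest; sub(/:.*$/, "", line)          # then the line number
    ref = substr(rest, length(line) + 2)
    sub(/^[ \t-]*uses:[ \t]*/, "", ref)         # drop the key
    sub(/[ \t#].*$/, "", ref)                   # drop trailing comment
    gsub("[\"" sq "]", "", ref)                 # drop quotes
    if (ref ~ /^\.\// || ref ~ /^docker:\/\//) next
    n = split(ref, parts, "@")
    sha = (n > 1) ? parts[n] : ""
    if (!(sha ~ /^[0-9a-f]+$/ && length(sha) == 40))
      printf "%s:%s: %s\n", file, line, ref
  }'
}

# Print every reference to the known-bad commit, whatever form it takes.
find_known_bad_pins() {
  grep -rn "tj-actions/changed-files@$KNOWN_BAD_SHA" "$1"
}

# Stand-alone usage: build the sample checkout and audit it.
if [ "${1:-}" = "--demo" ]; then
  root=$(mktemp -d)
  build_sample_workflows "$root"
  echo "Unpinned uses:";      find_unpinned_uses "$root"
  echo "Known-bad commit:";   find_known_bad_pins "$root" || true
  rm -rf "$root"
fi
```

Run `find_unpinned_uses .` against a real checkout: everything it prints should be replaced with a SHA you have verified against the upstream release, and anything `find_known_bad_pins` prints is an incident to respond to, not a hygiene finding.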
Conclusion
The compromise of tj‑actions/changed‑files is a stark reminder of the challenges inherent in securing the software supply chain. The rapid repointing of tags to a single malicious commit and the subsequent exfiltration of secrets underscore the need for immutable dependency referencing and vigilant monitoring of CI/CD environments. With GitHub’s recent remediation actions—including removal of the compromised Action and the issuance of CVE‑2025‑30066—organizations must now act swiftly: audit their workflows, rotate any leaked credentials, and adopt best practices to mitigate the risk of similar future attacks.
For additional details and real‑time updates, please refer to the latest advisories from GitHub and StepSecurity.
References
Hassan, M. (2025, March 15). GitHub Actions Supply Chain Compromise: tj‑actions/changed‑files Action. Upwind. Retrieved from https://www.upwind.io/feed/github-actions-supply-chain-compromise-tj-actions-changed-files-action
Sharma, V. (2025, March 14). Harden-Runner detection: tj‑actions/changed‑files action is compromised. StepSecurity. Retrieved from https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
National Institute of Standards and Technology. (2025, March 15). CVE‑2025‑30066 Detail. National Vulnerability Database. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2025-30066
tj‑actions/changed‑files. (2025, March 14). Multiple tags in this action are compromised [GitHub Issue #2463]. GitHub. Retrieved from https://github.com/tj-actions/changed-files/issues/2463
