CVE-2025-30066

Severity High
Score 8.6/10

Summary

The GitHub Action "tj-actions/changed-files" was modified by a threat actor to download and execute malicious code. Versions of the action before release 46 allow remote attackers to discover secrets by reading Actions logs. On 2025-03-14 and 2025-03-15 the tags v1 through v45.0.7 were affected because they were moved by the threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code. Note that the tj-actions/changed-files GitHub repository is not available in package managers: it is a public repository consumed as a GitHub Action, not a package you import into your codebase. CVEs are used for tracking issues in software versions and are rarely assigned directly to malicious code (it is malicious code rather than a vulnerability), although this does happen on the rare occasion where a specific software package version contains malicious code, which allows a CVE to be assigned to it. This GitHub Action does not translate directly into any tracked software package.
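The advisory turns on one mechanism: the action was consumed through mutable tags (v1 through v45.0.7), so repointing those tags at commit 0e58ed8 silently changed what every workflow using them executed. The defensive check is to find workflow references to this action that are not pinned to a full commit SHA, and to flag any reference that resolves to the commit named in the advisory. The following is an added example written for this page, not code from the tj-actions project or from the advisory source; the workflow text is constructed, the 40-character pin in it is a made-up placeholder, and the regular-expression parsing of `uses:` lines is a deliberate simplification of YAML parsing.

```python
"""Audit GitHub Actions workflow text for references to tj-actions/changed-files
(CVE-2025-30066) and classify each reference by how it is pinned.

Added example for this advisory page; not the project's own tooling.
"""
import re

ACTION = "tj-actions/changed-files"
# Abbreviated commit named in the advisory as carrying the malicious code.
KNOWN_BAD_PREFIX = "0e58ed8"
# Tag range the advisory lists as affected (inclusive).
AFFECTED_LOW, AFFECTED_HIGH = (1, 0, 0), (45, 0, 7)

# Matches `uses: owner/repo[/subpath]@ref`, with or without a list dash,
# optional quotes, and an optional trailing YAML comment.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?"
    r"(?P<action>[\w.-]+/[\w.-]+)(?P<path>/[^@'\"\s]*)?@(?P<ref>[^'\"\s#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_tag(ref):
    """Turn a tag such as v45, v45.0 or v45.0.7 into a comparable (major, minor, patch)
    tuple; returns None for anything that is not a vN[.N[.N]] tag."""
    m = re.fullmatch(r"v(\d+)(?:\.(\d+))?(?:\.(\d+))?", ref)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify_ref(ref):
    """Classify one @ref of the affected action.

    known-malicious : ref is (a prefix of) the commit named in the advisory
    pinned          : full 40-hex commit SHA; the tag repointing cannot affect it
    affected-tag    : a tag inside the range the advisory lists as repointed
    mutable         : any other branch or tag name, which can be moved at any time
    """
    if ref.startswith(KNOWN_BAD_PREFIX):
        return "known-malicious"
    if FULL_SHA_RE.match(ref):
        return "pinned"
    version = parse_tag(ref)
    if version is not None and AFFECTED_LOW <= version <= AFFECTED_HIGH:
        return "affected-tag"
    return "mutable"


def audit_workflow(text):
    """Return one finding per `uses:` line that references ACTION."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group("action") != ACTION:
            continue
        ref = m.group("ref")
        findings.append({"line": lineno, "ref": ref, "status": classify_ref(ref)})
    return findings


# Constructed sample workflow (not from any real repository). The 40-hex value on
# the last step is a placeholder standing in for a SHA you have verified yourself.
SAMPLE_WORKFLOW = """name: ci
on: [pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: affected tag
        uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@v46
      - uses: tj-actions/changed-files@0e58ed8
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # placeholder pin
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3}  {f['status']:<16} @{f['ref']}")
```

Only the `pinned` status is immune to the tag repointing described above, and even a pin is only as good as the review of the commit behind it; `mutable` references outside the listed range (such as v46) are not reported as affected, but they remain changeable by whoever controls the repository's tags.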

CVSS v3.1 metrics (values as listed on the page; the metric names are inferred from the published vector for this CVE, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, which produces the 8.6 score):

  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Scope: CHANGED
  • Confidentiality: HIGH
  • Privileges Required, User Interaction, Integrity, Availability: NONE

Advisory Timeline

  • Published