Github Action 'tj-actions/changed-files' Compromised in Supply Chain Attack
A recent supply chain attack has compromised the GitHub Action 'tj-actions/changed-files', a widely used tool for automating workflows by detecting file changes in commits or pull requests. The compromised action, which is currently used in over 23,000 repositories, allows attackers to extract secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.
Researchers at StepSecurity discovered the issue on March 14, 2025, when they detected an unexpected endpoint in the network traffic. Anomaly detection by their Harden-Runner tool revealed that the incident started around 9:00 AM Pacific Time (PT) / 4:00 PM UTC on that day.
Further analysis revealed that attackers modified the tj-actions/changed-files GitHub Action's code and retroactively updated multiple version tags to reference a malicious commit. This compromise enables the action to print CI/CD secrets in GitHub Actions build logs, which can be publicly accessible in public repositories.
"There is no evidence that the leaked secrets were exfiltrated to any remote network destination," stated StepSecurity researchers. "However, if workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets."
The Impact of the Compromise
Most versions of tj-actions/changed-files were compromised on March 14, 2025. The incident led to multiple public repositories leaking secrets in their build logs, allowing anyone who could read those logs to obtain the secrets.
CVE-2025-30066 (CVSS score: 8.6) was assigned to this supply chain attack. Researchers observed that the compromised GitHub Action executes a malicious Python script that extracts CI/CD secrets from the memory of the Runner Worker process.
How Attackers Exploited the Compromise
Attackers retroactively altered multiple release tags to point to the same malicious commit, so that workflows referencing a mutable tag silently picked up the injected code, which dumps memory and extracts sensitive data. The commit, falsely attributed to the renovate bot, downloads and executes a script from an external source, using memory forensics to locate and extract secrets.
The Response
GitHub promptly removed the tj-actions/changed-files Action, preventing GitHub Actions workflows from using it. Users are advised to update to GitHub Action version 46.0.1 and to review workflows run between March 14 and 15 for unexpected output in the changed-files section.
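Because the attack worked by moving existing version tags onto a malicious commit, a useful check is to audit workflow files for `uses:` references that are pinned to a mutable tag rather than a full commit SHA. The following audit script is an added example, not code from StepSecurity or the tj-actions project; the sample workflow and the 40-hex SHA in it are constructed for illustration.

```python
import re
from pathlib import Path

# "uses: owner/repo[/subpath]@ref" inside a GitHub Actions workflow.
# Local actions (./path) and docker:// references carry no "@ref" in this
# form and are skipped; an optional trailing comment or quote ends the ref.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s"\'#]+)',
    re.M,
)
# Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample workflow: two mutable tags and one SHA-pinned reference.
SAMPLE_WORKFLOW = """\
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""


def audit_workflow(text):
    """Return (action, ref, pinned) for every third-party action reference."""
    return [(a, r, SHA_RE.fullmatch(r) is not None) for a, r in USES_RE.findall(text)]


def unpinned_uses(text, action_prefix=None):
    """References not pinned to a commit SHA, optionally limited to one org/action."""
    return [(a, r) for a, r, pinned in audit_workflow(text)
            if not pinned and (action_prefix is None or a.startswith(action_prefix))]


def audit_repo(root):
    """Map each workflow file under .github/workflows to its unpinned references."""
    findings = {}
    for path in Path(root, ".github", "workflows").glob("*.y*ml"):
        bad = unpinned_uses(path.read_text())
        if bad:
            findings[str(path)] = bad
    return findings


if __name__ == "__main__":
    for action, ref in unpinned_uses(SAMPLE_WORKFLOW):
        print(f"unpinned: {action}@{ref}")
```

Pinning to a SHA defeats tag mutation but not a malicious commit you pinned to knowingly or via an automated bump, so pair this check with review of the pinned commit itself.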
The Aftermath
"The Personal access token affected was stored as a GitHub action secret which has since been revoked," stated the project maintainers. "Going forward, no PAT would be used for all projects in the tj-actions organization to prevent any risk of reoccurrence."
In light of this incident, developers and organizations should prioritize security measures for their CI/CD pipelines and regularly review and update their tools and dependencies to limit exposure to similar supply chain attacks.