The compromised version of tj-actions/changed-files injects malicious code into CI workflows, potentially capturing and exposing secrets from affected repositories. On public repositories, the secrets would then be visible to everyone as part of the workflow logs, though obfuscated as a double-encoded base64 payload. As of now, no external exfiltration of secrets to an attacker-controlled server has been observed; secrets were only observable within the affected repositories themselves. At the time of discovery, all versions of the Action were found to be affected. The compromise is also being tracked as a vulnerability and has been assigned CVE-2025-30066.
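The paragraph above says the leaked secrets sit in the workflow logs as a double-encoded base64 payload. The following triage script is an added example, not code from the advisory or from the tj-actions project: it scans log text for long base64 runs, decodes them twice, and reports the top-level key names of any JSON object it finds, so a responder knows which secrets to rotate without having values printed back. The JSON-object shape of the inner payload is an assumption made for this example, and the log excerpt and token values are constructed.

```python
import base64
import binascii
import json
import re
from typing import Dict, List, Optional

# Constructed sample: a fake JSON document of secret names with obviously
# fake values, encoded twice with base64 and dropped into a log excerpt the
# way the advisory describes. Nothing here is a real token.
FAKE_SECRETS = {
    "GITHUB_TOKEN": "ghs_CONSTRUCTED_EXAMPLE_VALUE",
    "NPM_TOKEN": "npm_CONSTRUCTED_EXAMPLE_VALUE",
}
INNER_B64 = base64.b64encode(json.dumps(FAKE_SECRETS).encode()).decode()
DOUBLE_B64 = base64.b64encode(INNER_B64.encode()).decode()
SAMPLE_LOG = f"""\
2025-01-01T00:00:00.0000000Z Run tj-actions/changed-files@v45
2025-01-01T00:00:01.0000000Z Getting diff of changed files
2025-01-01T00:00:02.0000000Z {DOUBLE_B64}
2025-01-01T00:00:03.0000000Z All done.
"""

# Long runs of base64 alphabet characters; short runs are ignored so that
# ordinary identifiers and commit hashes do not produce noise.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def _decode(s: str) -> Optional[bytes]:
    """Strict base64 decode; None when the text is not valid base64."""
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_double_encoded_payloads(log: str) -> List[Dict[str, object]]:
    """Report log lines carrying a base64(base64(JSON object)) blob together
    with the object's top-level keys, i.e. the names of the secrets to
    rotate. Secret values are deliberately not returned."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(log.splitlines(), 1):
        for run in B64_RUN.findall(line):
            outer = _decode(run)
            if outer is None:
                continue
            try:
                outer_text = outer.decode("ascii").strip()
            except UnicodeDecodeError:
                continue  # first layer is binary, not another base64 string
            inner = _decode(outer_text)
            if inner is None:
                continue  # single-encoded or not base64 at all
            try:
                doc = json.loads(inner)
            except ValueError:
                continue  # double base64 of something that is not JSON
            if not isinstance(doc, dict):
                continue
            findings.append({"line": lineno, "secret_names": sorted(doc)})
    return findings


if __name__ == "__main__":
    for f in find_double_encoded_payloads(SAMPLE_LOG):
        print(f"line {f['line']}: double-encoded payload exposing {f['secret_names']}")
```

Run it over a downloaded job log; a hit means the listed secrets must be treated as exposed and rotated, regardless of whether anything was seen leaving the runner.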
The affected repository was taken down around 10:30 AM UTC on March 15, 2024, and later restored with the offending commits removed. However, there is still a risk from cached copies of the Action and from secrets that have already leaked.
Wiz Threat Research estimates that the attack likely originated from the compromise of the reviewdog/action-setup GitHub Action, whose v1 tag was temporarily pointed to a malicious commit on March 11, 2025. That action was used within tj-actions/eslint-changed-files, which in turn was executed by tj-actions/changed-files with a GitHub Personal Access Token (PAT). The attacker could have leveraged this dependency chain to inject a malicious payload that extracted workflow secrets by encoding them in base64 and embedding them in the logs. Unlike the tj-actions/changed-files compromise, this payload did not use curl for exfiltration but instead directly modified the install.sh script.
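The root cause described above is a mutable tag (v1) being retargeted to a malicious commit, which propagated through a chain of actions that referenced each other by tag. The audit script below is an added example, not code from the advisory or from any of the projects named: it walks the `uses:` lines of a workflow file and flags references that are not pinned to a full 40-character commit SHA, with the three actions named in this advisory treated as a watchlist. It deliberately uses a regex rather than a YAML parser so it runs with the standard library only; the sample workflow is constructed, and the 40-hex value in it is a placeholder, not a real commit of that action.

```python
import re
from typing import Dict, List

# Actions named in the advisory. A reference pinned to a commit SHA is not
# moved by tag retargeting, so pinned uses are flagged for review rather
# than as critical; the reviewer still has to confirm the commit is one
# they trust.
WATCHLIST = {
    "tj-actions/changed-files",
    "tj-actions/eslint-changed-files",
    "reviewdog/action-setup",
}

# Matches a `uses:` step, with or without a leading list dash and with
# optional quotes around the reference; a trailing comment is ignored.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)["']?""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not from any real repository). The 40-hex
# value is a placeholder, not a real commit of that action.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: "reviewdog/action-setup@v1"
      - uses: tj-actions/changed-files@1234567890abcdef1234567890abcdef12345678  # placeholder SHA
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
"""


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per GitHub-hosted action reference that is either
    on the watchlist or not pinned to a full commit SHA."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local composite actions and container images are not resolved
        # through GitHub tags, so tag retargeting does not apply to them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            continue  # malformed reference; the runner rejects it anyway
        action, version = ref.rsplit("@", 1)
        # owner/repo or owner/repo/subdir; the watchlist keys on owner/repo
        owner_repo = "/".join(action.split("/")[:2]).lower()
        pinned = bool(FULL_SHA_RE.match(version))
        watched = owner_repo in WATCHLIST
        if watched and not pinned:
            severity = "critical"  # mutable ref to an action named in the advisory
        elif watched:
            severity = "review"    # SHA-pinned: confirm the commit is a known-good one
        elif not pinned:
            severity = "medium"    # mutable ref to any other action
        else:
            continue               # SHA-pinned and not on the watchlist: nothing to report
        findings.append({
            "line": lineno,
            "action": action,
            "ref": version,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f['severity']:>8}  line {f['line']}: {f['action']}@{f['ref']}")
```

Pointing this at every file under `.github/workflows/` gives a quick inventory of where a retargeted tag could reach a repository; the fix for each finding is to replace the tag with the full SHA of a commit that has been reviewed.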