Wednesday, May 7, 2025
CISA Warns of Supply-Chain Attack Exploiting GitHub Action Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical supply-chain attack affecting a widely used third-party GitHub Action: tj-actions/changed-files.

The action, whose compromise is tracked as CVE-2025-30066, is used in workflows to identify which files changed in a pull request or commit.

Its compromise exposes users to a significant risk: unauthorized access to sensitive information handled by the workflow, including access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys.

Impact and Response

The vulnerability was deemed severe enough for CISA to add CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog.

The agency is urging users to update the tj-actions/changed-files action in their workflows to at least version 46.0.1 to mitigate the issue.

The compromise highlights the growing concern over supply-chain attacks, in which compromising a single shared component can have far-reaching consequences across the hundreds or thousands of organizations that depend on it.

CISA emphasizes the importance of implementing robust security measures when using third-party actions.

This includes monitoring workflow logs for any signs of unauthorized access and ensuring that all software components, third-party actions included, are kept up to date with the latest security patches.
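As an added example (not code from CISA, GitHub, or the article), the following Python check scans a workflow file for every reference to tj-actions/changed-files and reports whether it is pinned to a full commit SHA (the approach GitHub's hardening guidance recommends), references a version below 46.0.1, or uses a tag that can still be retargeted. The sample workflow and the commit SHA in it are constructed placeholders.

```python
import re

ACTION = "tj-actions/changed-files"
MIN_SAFE_VERSION = (46, 0, 1)            # minimum version named in the advisory

# "uses: tj-actions/changed-files@<ref>" in a workflow file (quotes optional).
USES_RE = re.compile(r"uses:\s*['\"]?" + re.escape(ACTION) + r"@([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")  # full-length commit SHA
VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")

def parse_version(ref: str):
    """'v46.0.1' -> (46, 0, 1); 'v46' -> (46,); None if not a version tag."""
    m = VERSION_RE.match(ref)
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)

def classify_ref(ref: str) -> str:
    """Say how a workflow references the action and whether that is acceptable."""
    if SHA_RE.match(ref):
        return "pinned-sha"     # immutable: a moved tag cannot redirect this
    ver = parse_version(ref)
    if ver is None:
        return "unknown-ref"    # branch name or non-version tag: investigate
    if len(ver) < 3:
        return "floating-tag"   # 'v46' style tag: resolves wherever it points today
    if ver < MIN_SAFE_VERSION:
        return "outdated-tag"   # below 46.0.1: update
    return "mutable-tag"        # current, but a tag can still be retargeted

def audit_workflow(text: str) -> list:
    """Return (ref, classification) for every use of the action in one workflow."""
    return [(ref, classify_ref(ref)) for ref in USES_RE.findall(text)]

# Constructed sample workflow (not from the page); the SHA is a placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  changes:
    steps:
      - uses: tj-actions/changed-files@v45.0.0
      - uses: 'tj-actions/changed-files@v46.0.1'
      - uses: tj-actions/changed-files@v46
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # v46.0.1
"""

if __name__ == "__main__":
    for ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{verdict:13} {ref}")
```

Run it over each file under .github/workflows; only "pinned-sha" entries are immune to a tag being moved, and "outdated-tag" entries are below the version the advisory names.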

Guidance and Resources

CISA provides several resources for organizations to address this vulnerability effectively:

  • GitHub Documentation: Users can find detailed guidance on security hardening for GitHub Actions in the official GitHub documentation.
  • Vendor Support: Specific details about the compromised action and its impact are available on the GitHub page for tj-actions/changed-files.
  • Security Tools: Additional tools, such as the Harden-Runner detection by StepSecurity and the analysis published by Wiz, offer insight into detecting and mitigating the attack.

These resources help organizations act promptly to protect against further exploitation.

The compromise of tj-actions/changed-files serves as a stark reminder of the importance of maintaining robust security practices in software development and deployment.

As the digital landscape continues to evolve, vigilance against such vulnerabilities is crucial for protecting sensitive information and maintaining trust in software supply chains.

Users must remain proactive in updating their systems and adhering to best security practices to safeguard against emerging threats.

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.