CVE Vulnerabilities

CVE-2025-30066

Embedded Malicious Code

Published: Mar 15, 2025 | Modified: Mar 19, 2025
CVSS 3.x: 8.6 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

Weakness

The product contains code that appears to be malicious in nature.

Affected Software

Name | Vendor | Start Version | End Version
Changed-files | Tj-actions | * | 45.0.7 (including)
