Let’s get into the tj-actions/changed-files supply chain attack. Read on for TL;DR, what you should do, what happened, and further information.
TL;DR
- The tj-actions/changed-files GitHub Action, currently used in over 23,000 repositories, has been compromised, leaking secrets through workflow logs and impacting thousands of CI pipelines.
- Every version tag was moved to point at the malicious code, so pinning by tag offers no protection; only pinning to a full commit SHA does. Public repositories are at the highest risk, but private repos should also verify their exposure.
- Immediate steps include identifying affected workflows, removing all references to the compromised action, rotating secrets, and checking logs for suspicious activity.
Aikido’s response: We released a new SAST rule that flags any usage with critical severity (score 100). Aikido can also automatically pin your GitHub Actions to commit SHAs to prevent this kind of attack in the future.
First off, what should you do?
Check whether you are affected by the tj-actions/changed-files supply chain attack:
A) Search for tj-actions in your codebase.
B) Use a GitHub code search query scoped to your organization to find references to the affected action across its repositories (replace [your-org] with the name of your organization).
Stop using tj-actions/changed-files as soon as possible and remove all references to the compromised action.
Rotate the secrets of the affected pipelines and check the logs of your own and third-party services for suspicious use of the exposed tokens; start with repos whose CI runner logs are publicly accessible, since their secrets must be assumed to be already in the hands of others.
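The search in step A can be done locally, and while you are at it you should record how each reference is pinned, because tag pins are exactly what this incident turned against users. The script below is an added example (not code from the original post or from Aikido): it walks a checkout's .github/workflows/ directory, prints every `uses: tj-actions/changed-files@<ref>` line, and classifies the ref as an immutable 40-hex commit SHA or a mutable tag/branch name. It assumes the standard workflow layout and needs only POSIX sh, find, grep and sed; the sample repository it builds is constructed for the example, and the SHA in it is a placeholder, not a real commit.

```shell
# Added example (not from the original post or from Aikido): find references to
# tj-actions/changed-files in a repository's workflows and classify how each is pinned.

# Print "file:line:ref:kind" for every `uses: tj-actions/changed-files@<ref>` line.
# kind is "sha" for a full 40-hex commit SHA (immutable) and "tag" for anything else
# (a tag or branch name, which this incident showed can be rewritten by an attacker).
scan_changed_files_refs() {
  repo_dir="$1"
  find "$repo_dir/.github/workflows" -type f \( -name '*.yml' -o -name '*.yaml' \) 2>/dev/null \
    | sort \
    | while IFS= read -r wf; do
        grep -n 'uses:.*tj-actions/changed-files@' "$wf" 2>/dev/null \
          | while IFS=: read -r lineno rest; do
              # The ref is everything after '@' up to whitespace, a quote or a '#' comment.
              ref=$(printf '%s\n' "$rest" \
                    | sed -E "s|.*tj-actions/changed-files@([^[:space:]#\"']+).*|\1|")
              case "$ref" in
                *[!0-9a-f]*) kind=tag ;;   # contains a non-hex character: tag or branch
                *) if [ "${#ref}" -eq 40 ]; then kind=sha; else kind=tag; fi ;;
              esac
              printf '%s:%s:%s:%s\n' "$wf" "$lineno" "$ref" "$kind"
            done
      done
}

# Number of references that are not pinned to a full commit SHA; these are the ones to
# remove or re-pin first. Prints 0 (and exits 0) when everything is SHA-pinned.
count_mutable_refs() {
  scan_changed_files_refs "$1" | grep -c ':tag$' || true
}

# Constructed sample repository for the example (not real data): one workflow pinned
# by tag, one pinned by a placeholder SHA that is not a real commit.
make_sample_repo() {
  d=$(mktemp -d)
  mkdir -p "$d/.github/workflows"
  cat > "$d/.github/workflows/ci.yml" <<'EOF'
name: CI
on: [pull_request]
jobs:
  changed:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45   # mutable tag: moved in this attack
EOF
  cat > "$d/.github/workflows/lint.yml" <<'EOF'
name: Lint
on: [push]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567 # placeholder SHA, not a real commit
EOF
  printf '%s\n' "$d"
}

# Stand-alone run over the constructed sample; on a real checkout pass its root directory.
demo_repo=$(make_sample_repo)
scan_changed_files_refs "$demo_repo"
echo "references not pinned to a commit SHA: $(count_mutable_refs "$demo_repo")"
rm -rf "$demo_repo"
```

Run it as `scan_changed_files_refs /path/to/checkout` across each repository returned by your organization search; any line ending in `:tag` should be removed or replaced, and even a `:sha` line only proves the ref cannot be silently moved, not that the commit it names is clean, so check the SHA against the action's restored history before trusting it.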
Let’s get into the attack: What happened?
A security incident involving the tj-actions/changed-files GitHub Action was identified in mid-March 2025. Attackers introduced malicious code that exposed CI/CD secrets via workflow logs. First reported by Step Security, the incident has been assigned CVE-2025-30066.
While it is not yet fully clear how the malicious code was pushed, most reports indicate that the attacker compromised a GitHub Personal Access Token (PAT) linked to the tj-actions-bot account, which allowed them to make unauthorized modifications, inject malicious code, and move the version tags to point at it.
Timeline of events:
Before March 14, 2025: The malicious code was already running in affected repositories' workflows, writing their secrets into logs, including public ones.
March 14, 2025: Security researchers identified the compromise and raised awareness.
March 15, 2025: The malicious script hosted on GitHub Gist was removed. The compromised repository was briefly taken offline so the malicious changes could be reverted, and was later restored without the harmful commits.
March 15, 2025: The repository is back online with a statement on the attack, and the maintainer has also commented on it publicly.
While the immediate threat has been addressed, cached copies of the compromised action could still pose a risk. Proactive mitigation is necessary to secure sensitive credentials.
What is the impact of the tj-actions/changed-files attack?
Repositories using tj-actions/changed-files, especially public ones, risk having the secrets used in their pipelines leaked: the threat actor's malicious code wrote them into workflow logs. Although no confirmed external data exfiltration has been reported, the workflow logs of public repositories are readable by anyone, so any secret printed there should be treated as compromised. Private repositories are less exposed but should still assess whether the malicious version ran, and rotate secrets if it did.
Public Repositories: High risk due to public exposure of workflow logs containing secrets.
Private Repositories: Lower risk, but active secrets sitting in your workflow logs are still a significant exposure, since anyone with read access to those logs can retrieve them.
Cached Action Users: Workflows that cached the compromised action may continue to be at risk until caches are purged.
How can Aikido help?
We released a new SAST rule that flags any tj-actions/changed-files usage with critical severity (score 100). If you already use Aikido, you're covered. If you do not have an Aikido account, you can connect and scan your setup in a few seconds.
Beyond this attack, Aikido also automatically pins your GitHub Actions to prevent this kind of exploit in the future.
And our proprietary malware threat feed, Aikido Intel, detects malware within 3 minutes of release on npm and PyPI, and will be extended to GitHub Actions soon.
We make it easy to secure your software supply chain and provide you the earliest warning of new risks and attacks.
Learn more about the attack:
- A breakdown on “Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack” by Latio Analyst, James Berthoty. James also shows you how to re-create the attack in your own environment to test your sensor (be careful).
- Step Security, who first reported the attack, published an investigation analysis, “Harden-Runner detection: tj-actions/changed-files action is compromised”
- View CVE-2023-51664, an earlier and separate vulnerability in the same action (the March 2025 incident is tracked as CVE-2025-30066).