More details have come to light on the recent supply chain hack targeting GitHub Actions, including the root cause of the incident and its scope.
The attack came to light late last week, when it was discovered that the code of a GitHub action named ‘tj-actions/changed-files’, which is actively used by over 23,000 repositories for tracking file and directory changes, had been modified to execute a malicious script designed to dump CI/CD secrets to build logs.
Threat actors could then obtain the leaked secrets from these logs and leverage them for further attacks. However, to date there does not appear to be any evidence of the collected data actually being exfiltrated.
Several cybersecurity firms have analyzed the incident. One of them is cloud security giant Wiz (recently acquired by Google), which determined based on a lead from researcher Adnan Khan that the root cause of the incident is an action made by Reviewdog, which provides code review tools.
The tj-actions/change-files action uses an action called tj-actions/eslint-changed-files, which in turn uses the reviewdog/action-setup action. Tj-actions said its code was modified after the attacker obtained a GitHub personal access token (PAT).
“We believe that it is likely the compromise of reviewdog/action-setup is the root cause of the compromise of the tj-actions-bot PAT,” Wiz explained.
Reviewdog launched an investigation after being notified by Wiz and determined that several of its actions were impacted. It immediately took steps to address the issue and attempt to prevent future incidents.
Reviewdog said contributors are automatically invited to its GitHub organization and granted write access for maintenance of its actions. The attacker either abused this automatic invitation process or hacked an existing contributor’s account to achieve its goal.
Palo Alto Networks has also analyzed this GitHub Actions supply chain hack and determined that the attack initially targeted the cryptocurrency exchange Coinbase.
“The payload was focused on exploiting the public CI/CD flow of one of [Coinbase’s] open source projects – agentkit, probably with the purpose of leveraging it for further compromises. However, the attacker was not able to use Coinbase secrets or publish packages,” Palo Alto Networks explained.
The attacker then moved on to the larger attack that came to light last week. Palo Alto’s analysis also indicates that the reviewdog/action-setup action was the root cause of the incident, and determined that the potential impact is much bigger than initially believed in terms of affected dependencies.
The reviewdog/action-setup action is directly used by over 3,000 other actions, which in turn are used by many other projects. According to Palo Alto Networks, the dependency count reaches nearly 160,000 on the third level of the dependency tree.
However, Endor Labs has attempted to analyze the actual damage of the attack, specifically how many repositories actually leaked secrets and whether the exposed information was sensitive.
The security firm determined that only 218 of the repositories that depend on the tj-actions/changed-files action actually leaked secrets. Moreover, the majority of those secrets are short-lived tokens that expire when a workflow run is completed.
The CVE identifiers CVE-2025-30154 and CVE-2025-30066 have been assigned to the incident, for the Reviewdog and Tj-actions actions, respectively.
Organizations concerned about being impacted by such supply chain attacks should review GitHub’s security recommendations for using third-party actions.
UPDATE: A GitHub spokesperson told SecurityWeek, “There is currently no evidence to suggest a compromise of GitHub or its systems. The projects highlighted are user-maintained open source projects. GitHub continues to review and take action on user reports related to repository contents, including malware and other malicious attacks, in accordance with GitHub’s Acceptable Use Policies. Users should always review GitHub Actions or any other package that they are using in their code before they update to new versions. That remains true here as in all other instances of using third party code.”
Related: GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains
Related: GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories
Related: North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
