{"uuid": "02e0de52-c2c2-4a76-82a3-9ccc6b95783c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30066", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7671", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30066\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were not originally affected, but were modified by a threat actor to point at commit 0e58ed8, which contains the malicious updateFeatures code.)\n\ud83d\udccf Published: 2025-03-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-15T05:43:06.432Z\n\ud83d\udd17 References:\n1. https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193\n2. https://github.com/tj-actions/changed-files/issues/2463\n3. https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised\n4. https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/\n5. https://news.ycombinator.com/item?id=43368870", "creation_timestamp": "2025-03-15T05:47:12.000000Z"}