Informational
Advisory: GitHub Action tj-actions/changed-files Compromise (CVE-2025-30066)
CVE(s)
CVE-2025-30066
Product(s)
Cloud Optix
Sophos Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos RED
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix
Updated
2025 Mar 17
Article Version
1
Published
2025 Mar 17
Publication ID
sophos-sa-20250317-tj-action-compromise
Workaround
No
Overview
On 14 March 2025, a security issue was reported in the tj-actions/changed-files GitHub Action: the Action’s code had been compromised by an external attacker.
The compromised code allowed the attacker to log CI/CD credentials from the Runner Worker process into the GitHub build logs. This could potentially lead to the exfiltration of sensitive credentials, particularly if the repository was public or if the attacker had access to the build logs.
Sophos has investigated the potential impact of the compromised GitHub Action and has found no evidence that any Sophos repositories or products were affected.
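To check whether a repository's own workflows reference this Action, the following added example (not Sophos code) scans workflow text for `tj-actions/changed-files` and reports whether each reference is a movable branch or tag or a full commit SHA. The function names, the sample workflow and the 40-character SHA are constructed for illustration.

```python
import re
from pathlib import Path

# A step-level "uses:" line that references the Action named in this advisory.
# Owner/repo matching is case-insensitive; commented-out lines do not match.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?tj-actions/changed-files@([^\s'\"#]+)",
    re.IGNORECASE,
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def find_action_refs(workflow_text, path="<workflow>"):
    """Return one finding per reference to the Action in a workflow file."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        findings.append({
            "path": path,
            "line": lineno,
            "ref": ref,
            # A branch or tag can be repointed; a full SHA cannot.
            "pinned_to_sha": bool(FULL_SHA_RE.match(ref.lower())),
        })
    return findings

def scan_repo(root="."):
    """Scan every workflow file under <root>/.github/workflows."""
    results = []
    for wf in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        text = wf.read_text(encoding="utf-8", errors="replace")
        results.extend(find_action_refs(text, str(wf)))
    return results

# Constructed sample workflow; the SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@main
      # - uses: tj-actions/changed-files@old-ref
      - name: pinned
        uses: TJ-Actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for f in find_action_refs(SAMPLE_WORKFLOW, "ci.yml"):
        print(f"{f['path']}:{f['line']} ref={f['ref']} pinned_to_sha={f['pinned_to_sha']}")
```

Each hit identifies a workflow whose build logs are worth reviewing for exposed credentials; a SHA pin only fixes which commit runs, so the pinned commit itself still needs to be checked.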
Related information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.