Informational
Advisory: GitHub Action tj-actions/changed-files Compromise (CVE-2025-30066)
CVE(s)
CVE-2025-30066
Product(s)
Cloud Optix
Sophos Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos RED
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix
Updated
2025 Mar 17
Article Version
1
Published
2025 Mar 17
Publication ID
sophos-sa-20250317-tj-action-compromise
Workaround
No
Overview
On 14 March 2025, a security issue was reported in the tj-actions/changed-files GitHub Action: the Action’s code had been compromised by an external attacker.
The compromised code allowed the attacker to log CI/CD credentials from the Runner Worker process into the GitHub build logs. This could potentially lead to the exfiltration of sensitive credentials, particularly if the repository was public or if the attacker had access to the build logs.
Sophos has investigated the potential impact of the compromised GitHub Action and has found no evidence that any Sophos repositories or products were affected.
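For teams running the same kind of impact check on their own repositories, the following added example (not part of the Sophos advisory and not Sophos tooling) inventories every workflow step that references tj-actions/changed-files and records how it is pinned. The function names and the sample workflow are constructed for illustration; the distinction between a movable tag or branch and a full commit SHA is a general property of GitHub Actions references, not something this advisory states.

```python
import re
from pathlib import Path

ACTION = "tj-actions/changed-files"  # the Action named in this advisory
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?" + re.escape(ACTION) + r"@([^\s'\"#]+)", re.I
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def classify_ref(ref):
    """Describe how a workflow pins the Action."""
    if FULL_SHA_RE.match(ref):
        return "commit SHA"  # immutable, but must still be checked against a known-good commit
    return "mutable ref"     # tag or branch: can be moved to point at different code

def scan_text(name, text):
    """Return (file, line number, ref, classification) for each reference found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out steps
        m = USES_RE.match(line)
        if m:
            hits.append((name, lineno, m.group(1), classify_ref(m.group(1))))
    return hits

def scan_repo(root):
    """Scan every workflow file under <root>/.github/workflows."""
    hits = []
    wf_dir = Path(root) / ".github" / "workflows"
    for path in sorted(wf_dir.glob("*.y*ml")):
        hits.extend(scan_text(str(path), path.read_text(encoding="utf-8", errors="replace")))
    return hits

# Constructed sample workflow fragment (not taken from any real repository).
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: tj-actions/changed-files@v1
  # - uses: tj-actions/changed-files@old
  - name: pinned
    uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for hit in scan_text("sample.yml", SAMPLE):
        print(hit)
```

Any repository that appears in the output is a candidate for reviewing its build logs from the affected period and rotating the CI/CD credentials those workflows could reach.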
Related information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.