New findings have shed light on the recent supply chain attack involving GitHub Actions, revealing the root cause and raising concerns about the potential scale of the breach.
The issue surfaced last week when security researchers uncovered that the popular GitHub Action ‘tj-actions/changed-files’—widely used across 23,000 repositories—was secretly altered to execute malicious code. This injected script targeted sensitive CI/CD environment secrets, dumping them into build logs where attackers could later retrieve them.
While there’s still no confirmed evidence that the stolen secrets were successfully exfiltrated or used, the risk of further exploitation remains significant.
How the Attack Unfolded — A Chain Reaction From a Single Access Token
Cloud security firm Wiz, now owned by Google, traced the attack’s origin back to the Reviewdog project, known for its automated code review tools. The attack chain was discovered following a tip-off from researcher Adnan Khan.
Here’s how the sequence played out:
The compromised ‘tj-actions/changed-files’ Action relies on ‘tj-actions/eslint-changed-files’, which in turn depends on ‘reviewdog/action-setup’. According to the investigation, hackers gained control of a GitHub Personal Access Token (PAT) belonging to the tj-actions bot after exploiting Reviewdog’s Action.
“We believe the compromise of reviewdog/action-setup led directly to the breach of the tj-actions-bot PAT,” Wiz explained.
In response, Reviewdog launched a full investigation. Their findings pointed to an exploitation of GitHub’s contributor management system, where contributors are automatically invited to the organization with write access to key actions. The attacker either hijacked a contributor’s account or abused this invitation process to infiltrate the project.
Coinbase Targeted First, But Fallout Threatens 160,000 Projects
The attack initially aimed at Coinbase, as revealed by Palo Alto Networks. Analysts found that the malicious payload was designed to exploit the open-source CI/CD pipeline of Coinbase’s ‘agentkit’ project—likely as a stepping stone for broader attacks. Fortunately, the attacker couldn’t access Coinbase secrets or push malicious packages.
After failing to compromise Coinbase, the threat actor broadened their scope. Palo Alto’s deeper analysis confirmed ‘reviewdog/action-setup’ as the core vulnerability. Alarmingly, this single action is directly integrated into over 3,000 other actions, which then ripple out to influence nearly 160,000 projects in the third layer of the dependency tree.
This level of dependency dramatically widens the possible reach of the attack, making it one of the most concerning GitHub supply chain compromises in recent times.
Real Damage Limited, But Risk Management Urged
Despite the wide potential impact, the actual fallout appears limited so far. Security firm Endor Labs assessed the scale of leaked secrets and found that only 218 repositories relying on ‘tj-actions/changed-files’ had secrets exposed. Fortunately, most were short-lived tokens, automatically expiring once workflow runs completed—minimizing the long-term risk.
To address the severity of this breach, two CVE identifiers were assigned:
- CVE-2025-30154 for the Reviewdog component
- CVE-2025-30066 for the tj-actions module
Cybersecurity experts are urging organizations to review their use of third-party GitHub Actions. GitHub also recommends tightening permissions, validating action sources, and following strict security best practices to mitigate risks from similar supply chain attacks in the future.
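One concrete form of "validating action sources" is to check that every third-party action in a workflow is pinned to a full commit SHA rather than a version tag, since a tag can be repointed at a different commit. The script below is an added example (not code from GitHub, Wiz, Palo Alto or the article) that audits a workflow file for unpinned references and flags the three actions named above; the workflow text is constructed sample input and the 40-hex SHA in it is a made-up placeholder.

```python
import re

# The three actions the article names as part of the compromised dependency chain.
COMPROMISED_ACTIONS = {
    "tj-actions/changed-files",
    "tj-actions/eslint-changed-files",
    "reviewdog/action-setup",
}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # a full-length git commit SHA


def audit_workflow(text):
    """Return (line_no, ref, reason) findings for every risky `uses:` line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local and docker:// references have no GitHub tag to pin, so skip them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        name, _, version = ref.partition("@")
        repo = "/".join(name.split("/")[:2])  # owner/repo, ignoring any subpath
        if repo in COMPROMISED_ACTIONS:
            findings.append((n, ref, "references an action in the compromised chain"))
        if not version:
            findings.append((n, ref, "no version at all"))
        elif not SHA_RE.match(version):
            findings.append((n, ref, "pinned to a mutable tag or branch, not a commit SHA"))
    return findings


# Constructed sample workflow; the SHA on the last step is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-step
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, ref, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {reason}")
```

A SHA pin only freezes which code runs; it still has to be reviewed once, and re-reviewed whenever the pin is bumped.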