GitHub suffers a cascading supply chain attack compromising CI/CD secrets
Wednesday, 19 March 2025, 12:42, by InfoWorld
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.
The initial compromise of tj-actions/changed-files, designated as CVE-2025-30066, was discovered last week when researchers found malicious code injected into the tool. The Cybersecurity and Infrastructure Security Agency (CISA) has officially acknowledged the issue, noting that “This supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys.” CISA confirmed the vulnerability has been patched in version 46.0.1. Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community.

The attack chain revealed

Security researchers at Wiz have now identified what they believe to be the root cause of this high-profile breach. According to their analysis, attackers first compromised the v1 tag of the reviewdog/action-setup GitHub Action, injecting similar code designed to dump CI/CD secrets to log files. Since tj-actions/eslint-changed-files utilizes this reviewdog component, the initial breach created a pathway for attackers to steal a personal access token (PAT) used by the tj-actions system.

“We believe that it is likely the compromise of reviewdog/action-setup is the root cause of the compromise of the tj-actions-bot PAT,” Wiz researchers explained in their report. The timing of both compromises aligns closely, strengthening the connection between these security incidents.

The attack methodology involved a particularly sophisticated approach. Attackers inserted a base64-encoded payload into an install script, causing secrets from affected CI workflows to be exposed in workflow logs. In repositories with public logs, these exposed secrets would be readily available to malicious actors, creating a significant security vulnerability across the GitHub ecosystem.

Widening impact assessment

The tj-actions developers had previously reported they could not determine exactly how attackers gained access to their GitHub personal access token. This new finding from Wiz provides the missing link, suggesting that the initial reviewdog compromise was the first domino in this cascading attack chain.

Beyond the confirmed compromise of reviewdog/action-setup@v1, the investigation has revealed several other potentially impacted actions from the same developer. These include reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos. The full extent of the compromise across these tools remains under investigation. While GitHub and reviewdog maintainers have implemented fixes, Wiz warns that if any compromised actions remain in use, a repeat attack targeting “tj-actions/changed-files” could still occur — especially if exposed secrets are not rotated.

Response and remediation

The original tj-actions breach prompted GitHub to take swift action, pulling access to the compromised tool by March 16 and replacing it with a patched version (beyond 45.0.7). However, this new information about the cascading nature of the attack suggests that the security implications extend far beyond the initial assessment.

Industry experts are particularly concerned about the method of compromise within the Reviewdog project. Wiz researchers noted that the project “maintains a large contributor base and accepts new members via automated invites,” potentially creating security weaknesses in their permission structure. This highlights how organizational practices can inadvertently create vulnerabilities that affect downstream dependencies.

For organizations potentially affected by this breach, security teams should immediately check for any references to reviewdog/action-setup@v1 in their repositories. The presence of double-encoded base64 payloads in workflow logs would confirm that secrets have been leaked. “In such cases, all references to affected actions should be removed across branches, workflow logs should be deleted, and any potentially exposed credentials must be rotated immediately,” the report suggested.

Future prevention strategies

To mitigate similar risks in the future, security specialists are recommending several preventative measures. Rather than using version tags when implementing GitHub Actions, developers should pin their actions to specific commit hashes, which are immutable and cannot be modified after creation. “Additionally, organizations should leverage GitHub’s allow-listing feature to restrict unauthorized actions from running in their environments,” Wiz suggested in its findings.

The incident underscores a growing trend of supply chain attacks targeting development tools and infrastructure. As organizations increasingly rely on third-party components and actions to streamline their development processes, the potential impact of such compromises continues to grow. A single breach in a widely used tool can quickly cascade across thousands of projects, highlighting the interconnected nature of the modern development ecosystem.
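As an added example (not code from the article, InfoWorld, Wiz, GitHub, or the reviewdog and tj-actions projects), the following Python script carries out the two triage checks the report recommends and the pinning rule it advises: it audits a workflow file for references to the actions named above and for steps that use a mutable tag or branch instead of a 40-hex commit SHA, and it scans workflow log lines for base64 tokens that decode to further base64, the double-encoding pattern the report treats as the indicator of leaked secrets. The sample workflow, the sample log lines and the commit SHA in them are constructed; the list of affected actions is taken from the article, while the regular expressions and the `affected-action` / `mutable-ref` labels are this example's own.

```python
import base64
import binascii
import re
from typing import Dict, List

# Actions the article names as compromised or potentially impacted.
AFFECTED_ACTIONS = {
    "reviewdog/action-setup",
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
    "tj-actions/changed-files",
    "tj-actions/eslint-changed-files",
}

# Matches "uses: owner/repo[/path]@ref" step lines in a workflow YAML file.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*[\"']?([^@\s\"']+)@([^\s\"'#]+)", re.MULTILINE)
# A full 40-hex-digit commit SHA is the only immutable kind of action reference.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Candidate base64 runs in log text: 20+ alphabet characters plus optional padding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


def audit_workflow(yaml_text: str) -> List[Dict[str, str]]:
    """Flag steps referencing an affected action, and steps whose ref is a
    mutable tag or branch rather than a commit SHA."""
    findings = []
    for match in USES_RE.finditer(yaml_text):
        action, ref = match.group(1), match.group(2)
        repo = "/".join(action.split("/")[:2])  # drop any sub-path inside the repo
        if repo in AFFECTED_ACTIONS:
            findings.append({"action": action, "ref": ref, "issue": "affected-action"})
        elif not SHA_RE.match(ref):
            findings.append({"action": action, "ref": ref, "issue": "mutable-ref"})
    return findings


def _b64_decode(token: str):
    """Strict base64 decode; returns None when the token is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_double_encoded(log_lines: List[str]) -> List[Dict[str, object]]:
    """Return log lines carrying a base64 token whose decoded content is itself
    valid base64 (double encoding). Single-encoded or binary data is ignored."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for token in B64_RE.findall(line):
            inner = _b64_decode(token)
            if inner is None:
                continue
            try:
                inner_text = inner.strip().decode("ascii")
            except UnicodeDecodeError:
                continue  # decoded to binary, so not a second base64 layer
            if B64_RE.fullmatch(inner_text) and _b64_decode(inner_text) is not None:
                hits.append({"line": lineno, "token": token})
    return hits


# Constructed sample workflow; the checkout SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@v45
      - uses: some-org/some-action@v2
      - uses: ./.github/actions/local-step
"""

# Constructed sample log: line 2 carries a double-encoded value, line 4 a single-encoded one,
# line 3 a hex digest that happens to look like base64 but decodes to binary.
_INNER = base64.b64encode(b"CONSTRUCTED_SAMPLE_SECRET=not-a-real-token").decode()
_OUTER = base64.b64encode(_INNER.encode()).decode()
SAMPLE_LOG = [
    "2025-03-14T10:00:01Z Run tj-actions/changed-files@v45",
    "2025-03-14T10:00:02Z " + _OUTER,
    "2025-03-14T10:00:03Z digest sha256:" + "ab" * 32,
    "2025-03-14T10:00:04Z " + _INNER,
]

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f['issue']:16} {f['action']}@{f['ref']}")
    for h in find_double_encoded(SAMPLE_LOG):
        print(f"double-encoded base64 on log line {h['line']}")
```

Run it over every file under `.github/workflows/` and over exported workflow logs; any `affected-action` finding maps to the removal, log deletion and credential rotation steps quoted above, and `mutable-ref` findings are the candidates for re-pinning to a commit SHA. The double-encoding check is a heuristic for triage rather than proof: long base64 build artifacts can also decode to base64, so confirm hits by inspecting the decoded content. The allow-listing step is an organization or repository setting in GitHub and is not something a script can apply.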
https://www.infoworld.com/article/3849245/github-suffers-a-cascading-supply-chain-attack-compromisin...