CVE-2025-30066: CVE-2025-30066

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-30066

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

内嵌的恶意代码

Source: NVD (National Vulnerability Database)

Vulnerability Title

changed-files 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

changed-files是tj-actions开源的用于跟踪与目标分支相关的所有已更改文件和目录、之前的提交或最后一次远程提交从项目根返回的相对路径。 changed-files v46之前版本存在安全漏洞，该漏洞源于远程攻击者可以通过读取操作日志发现秘密。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
tj-actions	changed-files	1 ~ 46	-

II. Public POCs for CVE-2025-30066

#	POC Description	Source Link	Shenlong Link
1	Test CVE-2025-30066	https://github.com/OS-pedrogustavobilro/test-changed-files	POC Details
2	None	https://github.com/Checkmarx/Checkmarx-CVE-2025-30066-Detection-Tool	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-30066

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: changed-files

CVE-2023-51664
tj-actions/changed-files command injection in output filenam

Same vendor: tj-actions

Same weakness: CWE-506

V. Comments for CVE-2025-30066

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-30066

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-30066

III. Intelligence Information for CVE-2025-30066

IV. Related Vulnerabilities

V. Comments for CVE-2025-30066

Leave a comment