CVE-2025-30066
ENISA EUVD: EUVD-2025-6565
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 20, 2026
3 articles
Published: 2025-03-15
EPSS Score: 91.83% (Source: FIRST.org · 2026-05-23)
This CVE has a 91.83% probability of being exploited in the next 30 days.
Top 99.7th percentile of all CVEs
CVSS v3.1: 8.6 HIGH (Source: VulnerabilityLookup (CIRCL))
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
Source: VulnerabilityLookup (CNA)
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
Affected Products
tj-actions
changed-files
1
Attack Intelligence
Exploits & PoC
1
2025-03-19
Super-Vulnerable-Org/compromised-action
Test repo: simulates CVE-2025-30066 style compromised GitHub Action (for security research/testing chainradar)
0
2026-05-14
2 repos, sorted by ⭐
Signal Intelligence
Confidence: 85%
EPSS: 91.83%
CVSS v3.1: 8.6
Mentions: 3
CNA Information
CNA Assigner: mitre
Analyst Note
CVE-2025-30066 is explicitly confirmed in the CISA KEV catalog, with active exploitation documented in the wild targeting the GitHub Actions supply chain (tj-actions/changed-files). The 2025 publication year, combined with immediate CISA listing and widespread exploitation reports across 23,000+ repositories, strongly indicates this was exploited before or concurrently with patch availability, meeting zero-day criteria.
Triage Info
Decided at: Mar 20, 2026
Published Date: Mar 15, 2025