The recent compromise of the GitHub Action tj-actions/changed-files, identified as CVE-2025-30066, offers valuable insights for red team operations. This incident involved attackers injecting malicious code into a widely used GitHub Action, leading to the exposure of sensitive secrets in CI/CD logs.

Before proceeding, lets look at what tj-actions/changed-files GitHub action does and why its compromise led to a supply chain attack.

Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.

The tj-actions/changed-files GitHub Action is commonly used in CI/CD workflows to detect which files have been modified in a pull request or commit. It helps automate tasks such as running tests only on changed files, triggering specific deployment processes, or enforcing code quality rules. Because it is used across many repositories, compromising this action had far-reaching consequences. By injecting malicious code into the Action, attackers were able to access secrets by exfiltrating them via workflow logs which are publicly accessible as part of the GitHub repository.

So what can red team operators take away from this?

GitHub Personal Access Tokens (PATs) can open otherwise locked doors

Red teams can look for PATs in both public and internal repositories, as many organizations use internally hosted GitHub Enterprise instances. Internal GitHub repositories are often less scrutinized for security misconfiguration, making them a valuable target for discovering hard-coded secrets. If a PAT is exposed, it can grant unauthorized access to private code repositories, potentially allowing red team operators to inject malicious code and pivot further into the infrastructure.

Use GitHub Actions for code execution away from the prying eyes of EDR

The compromise of GitHub Actions can serve as a vector for lateral movement within an organization's infrastructure. By injecting malicious code into a GitHub Action used in CI/CD pipelines, red team operators can execute unauthorized commands, access additional resources, or escalate privileges within the environment. ​

Let third-party integrations show you the way in

An often-overlooked attack vector is the abuse of third-party integrations. Many organizations rely on externally maintained GitHub Actions, like the one compromised in this attack. If an action is hijacked or a malicious update is introduced, all repositories using that action could be compromised. Red teams should assess an organization’s reliance on third-party CI/CD dependencies and determine whether any can be leveraged for initial access, lateral movement, privilege escalation or access to sensitive resources.

Here’s a mapping of the above attack techniques to MITRE ATT&CK:

• T1078: Valid Accounts - Utilize compromised GitHub PATs to gain unauthorized access to repositories.

• T1072: Software Deployment Tools - Abuse GitHub Actions as a deployment tool to execute malicious code.

• T1556.007: Adversary-in-the-Middle: Manipulate Application Access Tokens - Exploit access tokens to manipulate application behavior.

Red Team Notes
Based on the compromise of the GitHub Action tj-actions/changed-files, identified as CVE-2025-30066, red team operators can leverage following techniques during engagements:
- Search for exposed GitHub Personal Access Tokens (PATs).
- Leverage GitHub Actions for code execution.
- Identify and exploit vulnerable third-party CI/CD integrations for initial access, lateral movement or privilege escalation.

Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.