The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday incorporated a weakness associated with the supply chain breach of the GitHub Action, tj-actions/changed-files, into its Known Exploited Vulnerabilities (KEV) database.
This critical vulnerability, identified as CVE-2025-30066 (CVSS score: 8.6), pertains to the compromise of the GitHub Action, allowing for the insertion of harmful code that facilitates a remote