CVE-2025-30154

HIGH KEV

reviewdog/action-setup - Embedded Malicious Code via Compromised GitHub Action

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-30154 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 24, 2025.

Description

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

References (6)

Core 6

Scores

CVSS v3 8.6
EPSS 0.4423
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2025-03-24
VulnCheck KEV 2025-03-24
ENISA EUVD EUVD-2025-6724
CWE
CWE-506
Status published
Products (7)
GitHub Actions/reviewdog/action-setup GitHub Actions
reviewdog/action-ast-grep < 1.26.2
reviewdog/action-composite-template < 0.20.2
reviewdog/action-setup 1
reviewdog/action-shellcheck < 1.29.2
reviewdog/action-staticcheck < 1.26.2
reviewdog/action-typos < 1.17.2
Published Mar 19, 2025
KEV Added Mar 24, 2025
Tracked Since Feb 18, 2026