CVE-2025-30154

KEV
Published: Mar 19, 2025 Last Modified: Ott 24, 2025
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,1794
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

506

Embedded Malicious Code

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
View CWE Details
Application

Action-Composite-Template by Reviewdog

Product Information
Vendor Reviewdog
Product Action-Composite-Template
Version Range Affected
To 0.20.2 (exclusive)
cpe:2.3:a:reviewdog:action-composite-template:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Action-Ast-Grep by Reviewdog

Product Information
Vendor Reviewdog
Product Action-Ast-Grep
Version Range Affected
To 1.26.2 (exclusive)
cpe:2.3:a:reviewdog:action-ast-grep:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Action-Typos by Reviewdog

Product Information
Vendor Reviewdog
Product Action-Typos
Version Range Affected
To 1.17.2 (exclusive)
cpe:2.3:a:reviewdog:action-typos:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Action-Shellcheck by Reviewdog

Product Information
Vendor Reviewdog
Product Action-Shellcheck
Version Range Affected
To 1.29.2 (exclusive)
cpe:2.3:a:reviewdog:action-shellcheck:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Action-Setup by Reviewdog

Product Information
Vendor Reviewdog
Product Action-Setup
Version 1
cpe:2.3:a:reviewdog:action-setup:1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Action-Staticcheck by Reviewdog

Product Information
Vendor Reviewdog
Product Action-Staticcheck
Version Range Affected
To 1.26.2 (exclusive)
cpe:2.3:a:reviewdog:action-staticcheck:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
https://github.com/reviewdog/action-setup/commit/3f401fe1d5…
https://github.com/reviewdog/action-setup/commit/3f401fe1d58fe77e10d665ab713057…
https://github.com/reviewdog/action-setup/commit/f0d342d240…
https://github.com/reviewdog/action-setup/commit/f0d342d24037bb11d26b9bd8496e08…
https://github.com/reviewdog/reviewdog/issues/2079
https://github.com/reviewdog/reviewdog/issues/2079
https://github.com/reviewdog/reviewdog/security/advisories/…
https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc
https://www.wiz.io/blog/new-github-action-supply-chain-atta…
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-…