← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-30154 — Actively Exploited: action-setup GitHub Action (reviewdog)

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.

CVE IDCVE-2025-30154
Vendorreviewdog
Productaction-setup GitHub Action
Vulnerability namereviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
Date added2025-03-24
Remediation due2025-04-14
Known ransomware useUnknown
Required actionApply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Descriptionreviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →