What is CVE-2025-30154?

A high-severity vulnerability has been identified in the reviewdog action-setup GitHub Action, allowing malicious code to expose secrets. Organizations must take immediate action to mitigate risks associated with this vulnerability.

What is the severity of CVE-2025-30154?

CVE-2025-30154 has a severity rating of HIGH with a CVSS base score of 8.6.

Is CVE-2025-30154 in CISA KEV?

Yes. CVE-2025-30154 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2025-30154 | High Vulnerability in reviewdog action-setup

The vulnerability identified as CVE-2025-30154 affects the reviewdog/action-setup GitHub Action, which is responsible for installing reviewdog. This vulnerability allows malicious code to dump exposed secrets to GitHub Actions Workflow Logs. The compromise occurred on March 11, 2025, between 18:42 and 20:31 UTC. The impact of this vulnerability is significant as it not only affects reviewdog/action-setup but also several other reviewdog actions that depend on it, including reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

With a CVSS score of 8.6, this vulnerability is classified as high severity. Organizations using these GitHub Actions are at risk of exposing sensitive information through logs, which could lead to further exploitation. Given the critical nature of this vulnerability, organizations should prioritize patching immediately.

This vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog, highlighting its potential for active exploitation. The urgency of addressing this issue cannot be overstated, as the window for remediation is narrow. Organizations must act quickly to mitigate the risks involved.

To ensure safety, organizations are advised to apply mitigations as outlined in the CISA guidance and to follow vendor instructions diligently. If patches are not available, organizations may need to consider discontinuing the use of the affected actions.

In summary, the CVE-2025-30154 vulnerability presents a serious risk to organizations utilizing the affected reviewdog GitHub Actions. Immediate action is critical to protect sensitive information and maintain operational integrity.

Vulnerability Details

The vulnerability allows malicious actors to exploit the reviewdog/action-setup GitHub Action, leading to potential exposure of sensitive information through GitHub Actions Workflow Logs. The CVSS score of 8.6 indicates a high severity level, necessitating prompt action from organizations to mitigate the identified risks.

The vulnerability was first published on March 19, 2025, and affects multiple components of the reviewdog suite, including action-ast-grep, action-composite-template, action-shellcheck, action-staticcheck, and action-typos. The primary weakness associated with this vulnerability is classified under CWE-506.

Technical Analysis

The root cause of this vulnerability is attributed to the compromise of the reviewdog/action-setup GitHub Action. During the specified time window, malicious code was injected into the action, resulting in sensitive information being logged. The attack vector is network-based with low complexity and no privileges or user interaction required.

Given that the scope of impact is changed, the confidentiality impact is high due to the exposure of sensitive information. There is no integrity or availability impact associated with this vulnerability.

Risk & Impact Analysis

The real-world risk associated with CVE-2025-30154 is significant, given the potential exposure of sensitive information through GitHub Actions. Organizations that utilize the affected reviewdog actions are at risk of having their secrets logged, which could lead to unauthorized access and exploitation. The urgency for remediation is underscored by the high CVSS score and the vulnerability's inclusion in the KEV catalog.

Organizations should assess their use of the affected reviewdog components and prioritize remediation efforts accordingly. The blast radius potential is extensive, as this vulnerability affects multiple actions, amplifying the risk for organizations that rely on these tools.

Given the critical nature of this vulnerability, organizations should apply mitigations as per CISA guidance and follow vendor instructions to prevent potential exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected versions of the reviewdog actions include:

- reviewdog/action-setup: 1.x.x - reviewdog/action-shellcheck: up to 1.29.2 - reviewdog/action-composite-template: up to 0.20.2 - reviewdog/action-staticcheck: up to 1.26.2 - reviewdog/action-typos: up to 1.17.2 - reviewdog/action-ast-grep: up to 1.26.2

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply patches as soon as they are available. The patches can be found in the following commit links:

Patch information for reviewdog actions should be reviewed, and organizations should ensure they are using the corrected versions. If patches are not feasible, consider discontinuing the use of the affected actions until mitigation steps are implemented.

Organizations should also enforce strict access controls, perform regular audits of their GitHub Actions configurations, and monitor logs for any suspicious activities. Continuous security testing can help identify and address vulnerabilities proactively.

Detection Guidance

Monitoring for unusual log entries and configuration changes in GitHub Actions workflows is essential for early detection of potential exploitation. Organizations should maintain a record of log indicators for GitHub Actions and conduct regular reviews to identify any anomalies.

Behavioral anomalies in workflow executions may also indicate exploitation, and network signatures should be established to detect unauthorized access attempts.

AppSecure Threat Intelligence Insight

The CVE-2025-30154 vulnerability underscores significant trends in supply chain attacks targeting GitHub Actions. As third-party actions become increasingly prevalent, the potential for exploitation grows, exemplifying the need for robust security practices.

Security teams should prioritize the implementation of security testing best practices and consider adopting a comprehensive vulnerability management program to effectively manage risks associated with third-party components.

For further insights on vulnerability management, organizations can refer to our guide on vulnerability management programs and the importance of continuous penetration testing to identify similar weaknesses.

In conclusion, the reviewdog/action-setup vulnerability serves as a critical reminder of the risks associated with third-party actions and the importance of maintaining a proactive security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-30154: High Vulnerability in reviewdog action-setup