{"vulnerability": "CVE-2025-30154", "sightings": [{"uuid": "f1881dc6-d8c1-4a72-97fd-8977d7e6d59c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/3646904", "content": "", "creation_timestamp": "2025-03-24T19:31:05.928285Z"}, {"uuid": "c364c7d3-4f5e-403a-8e3d-aa87e6a244f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ll5rjrbiyt22", "content": "", "creation_timestamp": "2025-03-24T22:10:33.763746Z"}, {"uuid": "b33afcef-5e1a-4c43-b287-101795343d5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3ll5kcsjbw225", "content": "", "creation_timestamp": "2025-03-24T20:01:24.683400Z"}, {"uuid": "ebc87407-de04-444d-9c86-bdabf84f8ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ll5kerdf2c25", "content": "", "creation_timestamp": "2025-03-24T20:02:31.490919Z"}, {"uuid": "a828967b-c957-4ed8-b858-af8c9528ba41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ll7ezcxv3c2f", "content": "", "creation_timestamp": "2025-03-25T13:31:56.929295Z"}, {"uuid": "bb1c05c0-ea8c-4a5e-8f51-641ed8c8e06f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-03-25T08:06:32.000000Z"}, {"uuid": "10c58791-9149-43b7-9de6-b9c6435d7110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/arxivofourminds.bsky.social/post/3ll7gxxty722j", "content": "", "creation_timestamp": "2025-03-25T14:06:59.759984Z"}, {"uuid": "f032cde7-6574-46c5-9bf9-62acc8494375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-03-24T21:10:02.000000Z"}, {"uuid": "2fcfcaa9-bb41-470c-bdb4-a73b889a070e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "MISP/0d58ff39-a69c-40e6-a9cc-80eb494aa646", "content": "", "creation_timestamp": "2025-03-22T22:33:21.000000Z"}, {"uuid": "02bdd78c-f136-42dd-80a0-2a2db90e2c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "MISP/0d58ff39-a69c-40e6-a9cc-80eb494aa646", "content": "", "creation_timestamp": "2025-03-21T07:32:37.000000Z"}, {"uuid": "73e0607d-ac6e-4b85-a00f-b042cbc6a92e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/opsmatters.bsky.social/post/3llcgnq4rwa26", "content": "", "creation_timestamp": "2025-03-26T18:39:14.277505Z"}, {"uuid": "a16e963d-c1cc-445b-b73e-5790e75d80e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114190588285266939", "content": "", "creation_timestamp": "2025-03-19T18:48:41.600242Z"}, {"uuid": "2fb5a934-2f3a-4451-bd63-ad1fbe2d5260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ll6ovlth6l2h", "content": "", "creation_timestamp": "2025-03-25T07:01:46.232458Z"}, {"uuid": "4121b7ac-8a54-422a-8620-3c7532ff35ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ll6ovqv4z32h", "content": "", "creation_timestamp": "2025-03-25T07:01:46.779634Z"}, {"uuid": "1eaffbc5-0650-4221-8dc8-4934c1d813c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ll6ovqv4z42h", "content": "", "creation_timestamp": "2025-03-25T07:01:47.330987Z"}, {"uuid": "463fcd7a-1421-4e78-bf70-aea85899ead3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114189869676629359", "content": "", "creation_timestamp": "2025-03-19T15:45:35.384465Z"}, {"uuid": "7206f099-0eb7-4b86-9b46-625801b1c2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtncqwy62m", "content": "", "creation_timestamp": "2025-03-19T18:43:50.834954Z"}, {"uuid": "83e05af4-5d6d-44a1-b30d-1dab7e97315c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lla66arlpu2p", "content": "", "creation_timestamp": "2025-03-25T21:02:06.037404Z"}, {"uuid": "05be37c3-1f36-4e0e-af2d-f2b6cf757866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2025-30154", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/df851e15-cb9f-4fbd-b211-a2c1b3be7c44", "content": "", "creation_timestamp": "2026-02-02T12:26:04.967622Z"}, {"uuid": "5ed77102-cd65-4776-b288-53c5039dd096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3ll5eezfipl2s", "content": "", "creation_timestamp": "2025-03-24T18:15:15.786735Z"}, {"uuid": "7d8464c0-98dc-4fe8-8776-cfe9f6bb9853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:48.000000Z"}, {"uuid": "5e43e451-bfd6-4cd3-b6a4-4f1c2f6eeff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3llkhomli3c2b", "content": "", "creation_timestamp": "2025-03-29T23:18:58.743150Z"}, {"uuid": "e1452bed-8f6b-4d3b-bb7f-7d3fe1e8d935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "https://t.me/cvedetector/20645", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30154 - \"Reviewdog Action Setup Secret Disclosure Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-30154 \nPublished : March 19, 2025, 4:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T18:49:21.000000Z"}, {"uuid": "220f87d2-ebc0-49e9-a7e8-95cd68aa6ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30154\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.\n\ud83d\udccf Published: 2025-03-19T15:15:29.113Z\n\ud83d\udccf Modified: 2025-03-19T16:21:02.390Z\n\ud83d\udd17 References:\n1. https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc\n2. https://github.com/reviewdog/reviewdog/issues/2079\n3. https://github.com/reviewdog/action-setup/commit/3f401fe1d58fe77e10d665ab713057375e39b887\n4. https://github.com/reviewdog/action-setup/commit/f0d342d24037bb11d26b9bd8496e0808ba32e9ec\n5. https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup", "creation_timestamp": "2025-03-19T17:21:01.000000Z"}, {"uuid": "cb4eeb4e-cdc9-4233-a084-03a3f3bbfb9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8569", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30154\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.\n\ud83d\udccf Published: 2025-03-19T15:15:29.113Z\n\ud83d\udccf Modified: 2025-03-24T22:20:22.752Z\n\ud83d\udd17 References:\n1. https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc\n2. https://github.com/reviewdog/reviewdog/issues/2079\n3. https://github.com/reviewdog/action-setup/commit/3f401fe1d58fe77e10d665ab713057375e39b887\n4. https://github.com/reviewdog/action-setup/commit/f0d342d24037bb11d26b9bd8496e0808ba32e9ec\n5. https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup", "creation_timestamp": "2025-03-24T23:23:29.000000Z"}, {"uuid": "88db5d9c-30a1-4bc5-8cf8-d24d5dac9dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "seen", "source": "Telegram/1nxUJd1r2Vl_i3BcLbYFmcRkQRAx1kOCE3f---QAF-WqkIU", "content": "", "creation_timestamp": "2025-03-19T16:30:54.000000Z"}, {"uuid": "3499b66a-a447-4963-8540-c1b013dcccd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30154", "type": "exploited", "source": "https://t.me/thehackernews/6538", "content": "\ud83d\udea8 Coinbase dodged a bullet\u2014but 218 repos weren\u2019t so lucky.\n\nA GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects.\n\n\ud83d\udd0d CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6\n\ud83c\udfaf Targets: DockerHub, npm, AWS creds\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Tactics: Fork PRs, dangling commits, burner GitHub accounts\n\nThis isn\u2019t just a glitch. It\u2019s a playbook for future CI/CD attacks.\n\nWhy it matters now? Thousands still trust infected actions. The exploit may be gone\u2014but the method isn\u2019t.\n\n\ud83d\udd17 Dig deeper before your next push: https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html", "creation_timestamp": "2025-03-23T06:33:21.000000Z"}]}