GitHub security advisory (AV25-148)

Serial number: AV25-148
Date: March 19, 2025

On March 15, 2025, GitHub published a security advisory to address a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following product:

• tj-actions/changed-files GitHub Actions – versions 45.07 and prior

On March 18, 2025, CISA added CVE-2025-30066 to their Known Exploited Vulnerabilities (KEV) Catalog.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GHSA-mrrh-fwg8-r2c3
• CISA - Known Exploited Vulnerabilities Catalog