# CVE-2025-30154

> reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

- **CVSS:** 8.6 (HIGH)
- **EPSS:** 15.4%
- **CISA KEV:** yes
- **CWE:** CWE-506, NVD-CWE-Other

Canonical: https://intel.threadlinqs.com/cve/CVE-2025-30154
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp