CVE-2025-10894 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via…
Critical CVSS: 9.6

CVE-2025-10894

Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
Vendor
-
Product
-
CWE
CWE-506
Yayın Tarihi
2025-09-24 22:15:35
Güncelleme
2025-09-26 14:32:53
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-506 CRITICAL 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-10894 https://access.redhat.com/security/supply-chain-attacks-NPM-packages https://bugzilla.redhat.com/show_bug.cgi?id=2396282 https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware https://www.wiz.io/blog/s1ngularity-supply-chain-attack https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware