Critical · Public exploit

Malicious Nx npm Package Supply-Chain Compromise

Identifiers: CVE-2025-10894, CWE-506 · Embedded Malicious Code

CVE-2025-10894 refers to a supply-chain compromise of the Nx build system and related @nx npm plugins in which malicious code was inserted into published packages on the npm registry. The attack chain began with compromise of the Nx GitHub Actions environment via a workflow using pull_request_target on forked pull requests; attackers reportedly injected bash payloads through pull request titles, obtained arbitrary command execution in CI, and stole npm publishing credentials. Using those credentials, they published tampered Nx package versions and related plugins. The malicious packages executed post-install payloads, including code in files such as telemetry.js or bundle.js, that scanned victim file systems for SSH keys, GitHub and npm tokens, cloud credentials, and cryptocurrency wallet data, then exfiltrated the collected material by creating GitHub repositories under the victim's account and uploading the data there. The malware also modified shell startup files and attempted persistence through malicious workflow injection into repositories. The campaign primarily targeted macOS and Linux systems.
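
An added example (not from this advisory or the Nx project) of a check for the workflow pattern described above: it flags untrusted pull request fields expanded inside run: scripts of workflows triggered by pull_request_target. The function name, both sample workflows and the extra fields body and head.ref are assumptions.

```python
import re

# Attacker-controlled PR fields; body and head.ref are an assumption beyond the page.
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*github\.event\.pull_request\.(title|body|head\.ref)[^}]*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:")

def find_unsafe_interpolation(workflow_text):
    """Return [(line_no, field)] for untrusted PR fields expanded in run: scripts."""
    if not re.search(r"^[^#\n]*\bpull_request_target\b", workflow_text, re.M):
        return []
    findings, run_indent = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        key = RUN_KEY.match(line)
        if key:
            run_indent = len(key.group(1))      # column of the run: key
        elif run_indent is not None and line.strip():
            if len(line) - len(line.lstrip()) <= run_indent:
                run_indent = None               # dedent: the script has ended
        if run_indent is not None:
            findings += [(no, m.group(1)) for m in UNTRUSTED.finditer(line)]
    return findings

# Constructed sample: the expression is pasted into the script text before bash runs.
UNSAFE = """\
on:
  pull_request_target:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Validating: ${{ github.event.pull_request.title }}"
"""

# Constructed fix: the title reaches the script only as an environment variable.
SAFE = """\
on:
  pull_request_target:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Validating: $PR_TITLE"
"""
print(find_unsafe_interpolation(UNSAFE), find_unsafe_interpolation(SAFE))
```

The scan is line-based and does not parse YAML, so treat a clean result as a first pass rather than proof that a workflow is safe.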


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Installation of an affected Nx or related @nx package version can result in immediate compromise of the installing developer workstation or CI/CD runner. Observed impacts include theft of SSH private keys, GitHub personal access tokens, npm authentication tokens, cloud provider credentials, and cryptocurrency wallet material; unauthorized creation of GitHub repositories under victim accounts for exfiltration; modification of .zshrc and .bashrc; and potential follow-on compromise of source code, package publishing pipelines, cloud environments, and downstream software supply chains. Because stolen npm credentials were used to infect additional publishable packages, successful compromise can also enable propagation into other npm projects and broader ecosystem compromise.

Mitigation

If you can’t patch tonight, do this now.

Immediately assess exposure by checking GitHub security logs for repo.create events and repositories matching known attacker patterns such as 's1ngularity-repository', inspecting systems for indicators such as /tmp/inventory.txt, and reviewing .zshrc and .bashrc for unauthorized modifications. Stop using affected package versions, clear npm, yarn, pnpm, and npx caches, and purge compromised artifacts from internal mirrors. Revoke GitHub CLI app authorization and invalidate potentially exposed gh tokens. Restrict or harden CI workflows to prevent similar token theft, including avoiding unsafe pull_request_target patterns for untrusted fork input, minimizing token permissions, and adopting trusted publishing mechanisms such as npm Trusted Publisher.
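
The exposure checks above as an added example, not part of this advisory: it filters a security-log export for repo.create events matching the attacker repository pattern and lists host paths that need review. The export field names (action, repo, @timestamp), the function names and the modification-time cutoff are assumptions.

```python
import json
import os

REPO_MARKER = "s1ngularity-repository"   # attacker repo pattern named in the text
INVENTORY = "tmp/inventory.txt"          # host indicator named in the text
RC_FILES = (".zshrc", ".bashrc")

def suspicious_repo_creations(events):
    """Repos from repo.create events whose name matches the attacker pattern."""
    return [e.get("repo", "") for e in events
            if e.get("action") == "repo.create"
            and REPO_MARKER in e.get("repo", "").lower()]

def host_indicators(home, since_epoch, root="/"):
    """Paths to review: the inventory file, and rc files changed since the cutoff."""
    hits = []
    inventory = os.path.join(root, INVENTORY)
    if os.path.exists(inventory):
        hits.append(inventory)
    for name in RC_FILES:
        path = os.path.join(home, name)
        # A recent mtime is only a prompt to read the file, not proof of tampering.
        if os.path.isfile(path) and os.path.getmtime(path) >= since_epoch:
            hits.append(path)
    return hits

# Constructed security-log export; the field names are an assumption about
# the export format, so adjust them to what your export contains.
SAMPLE_LOG = json.loads("""[
 {"action": "repo.create", "repo": "dev1/s1ngularity-repository", "@timestamp": 1},
 {"action": "repo.create", "repo": "dev1/docs-site", "@timestamp": 2},
 {"action": "repo.destroy", "repo": "dev1/s1ngularity-repository", "@timestamp": 3}
]""")

if __name__ == "__main__":
    print(suspicious_repo_creations(SAMPLE_LOG))
    # Placeholder cutoff 0: set it to the start of your own exposure window.
    print(host_indicators(os.path.expanduser("~"), since_epoch=0))
```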

Remediation

Patch, then assume compromise.

Remove all affected Nx and related @nx package versions from developer systems, CI images, internal registries, caches, and proxies, and reinstall only known-safe versions. The advisory indicates the malicious versions were removed from npm and that safe current versions should be used; Nx Console for VSCode should be upgraded to 18.66.0 or later. Revoke and rotate all potentially exposed secrets, including GitHub tokens, npm tokens, SSH keys, cloud credentials, and any other secrets present on impacted hosts or in environment variables. Review GitHub accounts and organizations for unauthorized repositories and workflow changes, and restore or rebuild compromised systems and CI runners from trusted baselines where necessary. Ensure package acquisition uses cleaned caches and trusted sources only.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor | Product | Type
Nrwl | Devkit | application
Nrwl | Enterprise-Cloud | application
Nrwl | Eslint | application
Nrwl | Js | application
Nrwl | Key | application
Nrwl | Node | application
Nrwl | Nx | application
Nrwl | Workspace | application
Nx | @Nx/Devkit | application
Nx | @Nx/Enterprise-Cloud | application
Nx | @Nx/Eslint | application
Nx | @Nx/Js | application
Nx | @Nx/Key | application
Nx | @Nx/Node | application
Nx | @Nx/Workspace | application
Nx | Nx | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
