CVE-2025-69262 Overview
CVE-2025-69262 is a command injection vulnerability in pnpm, a widely used JavaScript package manager. The flaw affects versions 6.25.0 through 10.26.2 and stems from unsafe environment variable substitution in .npmrc configuration files when tokenHelper settings are used. An attacker who controls environment variables during pnpm operations can achieve remote code execution in build environments such as continuous integration (CI) pipelines. The issue is classified under CWE-78 (OS Command Injection) and is fixed in version 10.27.0.
Critical Impact
Attackers who influence environment variables during a pnpm invocation can execute arbitrary OS commands, leading to code execution and supply chain compromise in build pipelines.
Affected Products
- pnpm versions 6.25.0 through 10.26.2
- Node.js projects using .npmrc with tokenHelper configuration
- CI/CD build environments invoking vulnerable pnpm releases
Discovery Timeline
- 2026-01-07 - CVE-2025-69262 published to the National Vulnerability Database (NVD)
- 2026-01-12 - Last updated in NVD database
Technical Details for CVE-2025-69262
Vulnerability Analysis
The vulnerability resides in how pnpm processes the tokenHelper directive declared in .npmrc configuration files. The tokenHelper option specifies an external command that returns an authentication token for registry operations. When the configured command string includes environment variable references, pnpm performs variable substitution before executing the helper through a shell. The substitution occurs without sanitization or argument-array separation, allowing shell metacharacters embedded in environment variable values to break out of the intended command context.
An attacker capable of setting an environment variable consumed by tokenHelper can inject shell operators such as ;, &&, or backticks. The injected payload runs with the privileges of the user invoking pnpm, which in build systems is typically a CI runner account with access to source code, secrets, and registry credentials.
Root Cause
The root cause is unsafe construction of a shell command from attacker-influenced input. The tokenHelper resolver performs string-level expansion of environment variables and passes the result to a shell rather than executing the helper binary directly with a fixed argument vector. This pattern is a textbook instance of CWE-78, OS Command Injection.
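The two shapes contrasted above, as an added illustration (hypothetical helper-launcher code, not pnpm's implementation; the helper path, config value and variable names are constructed):

```javascript
// Added illustration of the CWE-78 pattern described above: a hypothetical
// token-helper launcher, not pnpm's own code. Config and env are constructed.

// Expand ${VAR} references the way an .npmrc-style loader would.
function expandEnv(template, env) {
  return template.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g,
    (_, name) => (name in env ? String(env[name]) : ""));
}

// Unsafe shape: expansion runs over the whole command string, which is then
// handed to a shell. A value like "ci; id" turns one argument into two
// commands. The string is returned, not executed, so the effect is visible.
function buildShellCommand(template, env) {
  return expandEnv(template, env);
}

// Hardened shape: split the template into argv first, expand each argument
// separately, and run the helper without a shell. Metacharacters in an
// environment value remain inside a single argument.
function buildArgv(template, env) {
  return template.trim().split(/\s+/).map((arg) => expandEnv(arg, env));
}

// Execute the helper directly with a fixed argument vector (no shell) and
// return its stdout, i.e. the token. Child inherits the parent env plus `env`.
function runHelper(template, env) {
  const { execFileSync } = require("node:child_process");
  const [bin, ...args] = buildArgv(template, env);
  return execFileSync(bin, args,
    { env: { ...process.env, ...env }, encoding: "utf8" }).trim();
}

// Constructed example: an .npmrc tokenHelper value plus a tainted variable.
const HELPER_TEMPLATE = "/usr/local/bin/token-helper --scope ${TOKEN_SCOPE}";
const TAINTED_ENV = { TOKEN_SCOPE: "ci; id" };

console.log(buildShellCommand(HELPER_TEMPLATE, TAINTED_ENV)); // "... --scope ci; id"
console.log(buildArgv(HELPER_TEMPLATE, TAINTED_ENV));         // [..., "--scope", "ci; id"]
```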
Attack Vector
Exploitation requires that the attacker influence environment variables present when pnpm executes, which in practice amounts to local access. Realistic paths include: a malicious dependency or postinstall script that exports variables before subsequent pnpm commands run, a compromised CI configuration file that defines tainted variables, or a shared build agent where one job can influence the environment of another. Successful exploitation yields arbitrary command execution within the build context, enabling theft of registry tokens, modification of published artifacts, and lateral movement into adjacent pipelines.
No public proof-of-concept exploit is listed in the vendor advisory. Technical details are documented in the GitHub Security Advisory GHSA-2phv-j68v-wwqx.
Detection Methods for CVE-2025-69262
Indicators of Compromise
- Unexpected child processes spawned by the pnpm binary during install or publish operations, particularly shells (sh, bash, cmd.exe) executing non-helper commands.
- .npmrc files containing tokenHelper entries that reference environment variables wrapped with shell metacharacters such as ;, |, &, $(), or backticks.
- Outbound network connections initiated from pnpm-spawned processes to hosts unrelated to configured registries.
- Modifications to ~/.npmrc, project-level .npmrc, or environment files in repositories immediately preceding a build.
Detection Strategies
- Audit all .npmrc files across repositories and developer workstations for the tokenHelper directive and review any environment variables it consumes.
- Compare installed pnpm versions against the patched release 10.27.0 using software bill of materials (SBOM) data or pnpm --version output collected from build agents.
- Inspect CI job definitions for environment variables whose values are derived from untrusted sources such as pull request metadata, forked branches, or third-party webhooks.
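An added auditor for the .npmrc review and tainted-variable checks listed above (example code, not pnpm's own tooling; the sample config, registry host and variable names are constructed):

```javascript
// Added example of the audit described above: scan .npmrc text for
// tokenHelper directives and flag environment-variable dependence and shell
// metacharacters. Sample config and env are constructed; not pnpm tooling.

// Matches bare "tokenHelper=" and registry-scoped "//host/:tokenHelper=" keys.
const TOKEN_HELPER_LINE = /^\s*((?:\/\/[^=]*?:)?)tokenHelper\s*=\s*(.*?)\s*$/;
const ENV_REF = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g;
const SHELL_META = /[;&|`<>]|\$\(/;

// Returns one finding per tokenHelper line. Severity: "high" when the literal
// or a referenced variable's current value carries shell metacharacters,
// "medium" when the value depends on env vars at all, otherwise "info".
function auditNpmrc(text, env = {}) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    if (/^\s*[#;]/.test(raw)) return;               // .npmrc comment line
    const m = TOKEN_HELPER_LINE.exec(raw);
    if (!m) return;
    const value = m[2];
    const envRefs = [...value.matchAll(ENV_REF)].map((r) => r[1]);
    const taintedRefs = envRefs.filter(
      (name) => name in env && SHELL_META.test(String(env[name])));
    const literalMeta = SHELL_META.test(value.replace(ENV_REF, ""));
    let severity = "info";
    if (taintedRefs.length > 0 || literalMeta) severity = "high";
    else if (envRefs.length > 0) severity = "medium";
    findings.push({
      line: idx + 1,
      scope: m[1] ? m[1].slice(0, -1) : "(default)",
      value, envRefs, taintedRefs, severity,
    });
  });
  return findings;
}

// Constructed sample .npmrc (not a real configuration).
const SAMPLE_NPMRC = [
  "# constructed sample",
  "registry=https://registry.npmjs.org/",
  "//registry.corp.example/:tokenHelper=/usr/local/bin/token-helper ${TOKEN_ARGS}",
  "tokenHelper=/opt/helpers/get-token",
  "; tokenHelper=/old/helper   (commented out, must be ignored)",
].join("\n");

// Constructed CI environment in which TOKEN_ARGS has been tainted.
const TAINTED_CI_ENV = { TOKEN_ARGS: "--profile ci; id" };

for (const f of auditNpmrc(SAMPLE_NPMRC, TAINTED_CI_ENV)) {
  console.log(`${f.severity.toUpperCase()} line ${f.line} scope=${f.scope} refs=${f.envRefs}`);
}
```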
Monitoring Recommendations
- Enable process-tree telemetry on build agents and alert on shell processes parented by pnpm or node during dependency resolution.
- Forward build logs and process events to a centralized analytics platform to identify anomalous command execution patterns across pipelines.
- Monitor outbound DNS and HTTP traffic from CI runners for connections that do not match an allowlist of package registries and internal services.
How to Mitigate CVE-2025-69262
Immediate Actions Required
- Upgrade pnpm to version 10.27.0 or later on all developer workstations, build agents, and container images.
- Inventory every .npmrc file in active repositories and remove or sanitize tokenHelper entries that reference environment variables.
- Rotate any registry authentication tokens that may have been accessible to vulnerable build environments.
- Restrict which environment variables CI jobs accept from untrusted sources such as pull requests originating from forks.
Patch Information
The pnpm maintainers released the fix in version 10.27.0. Release notes are available at the GitHub pnpm Release v10.27.0 page, and the advisory is published as GHSA-2phv-j68v-wwqx. Upgrading is the recommended remediation path.
Workarounds
- Remove tokenHelper from .npmrc files and use static authentication tokens supplied through secret managers when upgrading is not immediately possible.
- Pin pnpm to a fixed version in CI to prevent unintentional downgrades to vulnerable releases.
- Run builds inside ephemeral, isolated containers so command injection cannot persist or pivot across jobs.
- Constrain CI environment variables to an explicit allowlist and reject values containing shell metacharacters.
# Upgrade pnpm to the patched release
npm install -g pnpm@10.27.0
# Verify the installed version is no longer vulnerable
pnpm --version
# Audit repositories for tokenHelper usage, including registry-scoped keys
# of the form //registry.example/:tokenHelper=
grep -rEn 'tokenHelper\s*=' . --include='.npmrc'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.