CVE-2025-69264 Overview
CVE-2025-69264 is a Remote Code Execution (RCE) vulnerability in pnpm, a popular Node.js package manager. The vulnerability affects versions 10.0.0 through 10.25 and allows git-hosted dependencies to execute arbitrary code during pnpm install, bypassing the security feature introduced in v10 that disabled dependency lifecycle script execution by default.
While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase. This enables remote code execution without user consent or approval, creating a significant supply chain attack vector.
Critical Impact
Attackers can execute arbitrary code on developer machines during package installation by crafting malicious git-hosted dependencies that exploit the prepare, prepublish, and prepack script execution bypass.
Affected Products
- pnpm versions 10.0.0 through 10.25 (Node.js package manager)
Discovery Timeline
- 2026-01-07 - CVE-2025-69264 published to NVD
- 2026-01-12 - Last updated in NVD database
Technical Details for CVE-2025-69264
Vulnerability Analysis
This vulnerability represents a Protection Mechanism Failure (CWE-693) in pnpm's security architecture. The v10 release introduced a security-hardening feature that disables dependency lifecycle script execution by default through the onlyBuiltDependencies mechanism. However, the implementation failed to account for git-hosted dependencies, which follow a different installation pathway.
When pnpm fetches a git-hosted dependency, it clones the repository and prepares it for installation. During this preparation phase, npm lifecycle scripts such as prepare, prepublish, and prepack are executed to build the package before it's added to the project. The onlyBuiltDependencies security control only blocked postinstall scripts but did not extend to these preparation-phase scripts.
This creates an exploitable gap where an attacker can publish a malicious package to a git repository and include code execution payloads in any of the three bypassed lifecycle scripts. When a victim adds this dependency or updates their dependencies, the malicious code executes automatically without any warning or approval prompt.
Root Cause
The root cause stems from an incomplete implementation of the script execution security controls in pnpm v10. The onlyBuiltDependencies mechanism was designed to prevent untrusted scripts from running during installation, but the security boundary did not encompass the git dependency fetch phase. The prepare, prepublish, and prepack scripts are considered necessary for building git-sourced packages, but this assumption created a security gap that bypasses the intended protections.
Attack Vector
An attacker can exploit this vulnerability through the following attack chain:
- Create a malicious git repository containing a Node.js package
- Add malicious code to the prepare, prepublish, or prepack script in package.json
- Convince a victim to add the dependency via git URL (e.g., pnpm add git+https://github.com/attacker/malicious-package)
- Alternatively, compromise an existing git-hosted dependency in the victim's dependency tree
- When the victim runs pnpm install, the malicious scripts execute during the fetch phase
The attack requires no authentication and can be triggered remotely via network-accessible git repositories. The victim receives no warning before code execution occurs.
// Security patch introducing blockExoticSubdeps option
// Source: https://github.com/pnpm/pnpm/commit/73cc63504d9bc360c43e4b2feb9080677f03c5b5
ignoreWorkspaceCycles?: boolean
disallowWorkspaceCycles?: boolean
packGzipLevel?: number
+ blockExoticSubdeps?: boolean
registries: Registries
sslConfigs: Record<string, SslConfig>
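Review bot: `blockExoticSubdeps?: boolean` is added as an optional field with no default in this hunk, so a project whose configuration never sets it keeps the pre-patch behaviour; confirm that the default value and the enforcement on the git-dependency fetch path are covered by other hunks of this commit, and consider a doc comment on the field stating what counts as an "exotic" subdependency, since the name alone does not convey that it means non-registry (git-hosted) sources.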
The patch introduces a new blockExoticSubdeps configuration option that allows users to block non-trusted dependency sources in subdependencies, providing defense-in-depth against supply chain attacks through git-hosted packages.
Detection Methods for CVE-2025-69264
Indicators of Compromise
- Presence of git-hosted dependencies in package.json or pnpm-lock.yaml files that reference untrusted or recently modified repositories
- Unexpected process spawning during pnpm install operations, particularly child processes not related to known build tools
- Network connections to unexpected external hosts during package installation
- Modifications to system files or user directories following package installation operations
Detection Strategies
- Monitor for pnpm install commands that trigger execution of shell scripts or binaries outside the normal Node.js build toolchain
- Implement file integrity monitoring on developer workstations to detect unauthorized changes during package operations
- Audit dependency manifests for git URL dependencies, especially those pointing to personal repositories or recently created accounts
- Deploy endpoint detection rules that alert on process trees spawned from the pnpm process that execute sensitive system operations
Monitoring Recommendations
- Enable verbose logging for pnpm operations using pnpm install --loglevel debug to capture script execution events
- Implement network monitoring to detect data exfiltration attempts during package installation
- Review git-hosted dependencies during code review and CI/CD pipeline checks
- Use SentinelOne's behavioral AI to detect anomalous process behavior during Node.js development workflows
How to Mitigate CVE-2025-69264
Immediate Actions Required
- Upgrade pnpm to version 10.26.0 or later immediately using npm install -g pnpm@latest
- Audit existing projects for git-hosted dependencies and evaluate their trustworthiness
- Enable the new blockExoticSubdeps option in .npmrc to prevent untrusted subdependency sources
- Consider temporarily switching to registry-hosted versions of dependencies where git URLs are currently used
Patch Information
The vulnerability is fixed in pnpm version 10.26.0. The fix introduces the blockExoticSubdeps configuration option that can be enabled to block non-trusted dependency sources. The security patch is available in the GitHub commit and documented in the GitHub Security Advisory GHSA-379q-355j-w6rj.
Workarounds
- Avoid using git-hosted dependencies until upgrading to the patched version
- Use --ignore-scripts flag when installing dependencies from untrusted sources (note: this may break legitimate packages requiring build steps)
- Pin git dependencies to specific commit hashes rather than branches to reduce exposure window
- Implement allowlisting of permitted git repository sources in your development environment
# Configuration example for .npmrc
# Enable blocking of exotic subdependencies
block-exotic-subdeps=true

# Shell command: upgrade pnpm to the patched version
npm install -g pnpm@10.26.0
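As an added example (not code from the advisory or from pnpm), the following Node.js script implements the manifest audit recommended under Detection Strategies and the commit-pinning workaround above: it flags git-hosted dependency specifiers in a parsed package.json, reports which are not pinned to a full commit hash, and checks a fetched dependency's own package.json for the prepare/prepublish/prepack scripts that pnpm 10.0 through 10.25 ran during the fetch phase. The sample manifest, hosts and package names are constructed placeholders.

```javascript
// Added example, not code from the advisory or from pnpm: audit a parsed
// package.json for git-hosted dependency specifiers (the source that
// CVE-2025-69264 concerns), report which are not pinned to a full commit
// hash, and list a dependency's fetch-phase scripts (prepare/prepublish/prepack).

const GIT_PREFIX = /^(git\+|git:\/\/|git@|github:|gitlab:|bitbucket:|gist:)/;
const GIT_SUFFIX = /\.git(#.*)?$/;                   // https://host/o/r.git[#ref]
const GITHUB_SHORTHAND = /^[\w.-]+\/[\w.-]+(#.*)?$/; // owner/repo[#ref]
const FULL_COMMIT = /#[0-9a-f]{40}$/;
const FETCH_PHASE_SCRIPTS = ['prepare', 'prepublish', 'prepack'];

// True when npm/pnpm would treat the specifier as a git dependency.
function isGitSpec(spec) {
  return GIT_PREFIX.test(spec) || GIT_SUFFIX.test(spec) || GITHUB_SHORTHAND.test(spec);
}

// Walk every dependency field and return one finding per git specifier.
function auditGitDependencies(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!isGitSpec(spec)) continue;
      findings.push({ name, field, spec, pinnedToCommit: FULL_COMMIT.test(spec) });
    }
  }
  return findings;
}

// Scripts in a dependency's package.json that run during the git fetch phase.
function fetchPhaseScripts(depPkg) {
  const scripts = (depPkg && depPkg.scripts) || {};
  return FETCH_PHASE_SCRIPTS.filter((s) => typeof scripts[s] === 'string');
}

// Constructed sample manifest; hosts and repository names are placeholders.
const SAMPLE_PKG = {
  dependencies: {
    express: '^4.19.0',
    'some-lib': 'github:example-org/some-lib#main',
    'pinned-lib': 'git+https://git.example.test/example-org/pinned-lib.git#' + 'a'.repeat(40),
  },
  devDependencies: { 'util-tool': 'example-org/util-tool' },
};
// Constructed package.json of a fetched git dependency.
const SAMPLE_DEP_PKG = { name: 'some-lib', scripts: { prepare: 'node build.js', test: 'jest' } };

for (const f of auditGitDependencies(SAMPLE_PKG)) {
  console.log(`${f.field}/${f.name}: ${f.spec} pinned=${f.pinnedToCommit}`);
}
console.log('fetch-phase scripts in some-lib:', fetchPhaseScripts(SAMPLE_DEP_PKG));
```

In a real audit, load each project's package.json with `JSON.parse(fs.readFileSync(...))` and feed it to `auditGitDependencies`; any unpinned finding, or a git dependency whose own manifest reports non-empty `fetchPhaseScripts`, deserves review before the next pnpm install.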
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.