9.6
CVE-2025-10894
- EPSS 0.07%
- Veröffentlicht 24.09.2025 22:15:35
- Zuletzt bearbeitet 26.09.2025 14:32:53
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx
Default Statusunaffected
Version
20.12.0
Status
affected
Version
21.8.0
Status
affected
Version
21.7.0
Status
affected
Version
20.11.0
Status
affected
Version
21.6.0
Status
affected
Version
20.10.0
Status
affected
Version
20.9.0
Status
affected
Version
21.5.0
Status
affected
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx/devkit
Default Statusunaffected
Version
20.9.0
Status
affected
Version
21.5.0
Status
affected
Collection URLhttps://nx.dev/powerpack
≫
Paket
nx/enterprise-cloud
Default Statusunaffected
Version
3.2.0
Status
affected
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx/eslint
Default Statusunaffected
Version
21.5.0
Status
affected
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx/js
Default Statusunaffected
Version
20.9.0
Status
affected
Version
21.5.0
Status
affected
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx/key
Default Statusunaffected
Version
3.2.0
Status
affected
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx/node
Default Statusunaffected
Version
20.9.0
Status
affected
Version
21.5.0
Status
affected
Collection URLhttps://github.com/nrwl/nx
≫
Paket
nx/workspace
Default Statusunaffected
Version
20.9.0
Status
affected
Version
21.5.0
Status
affected
HerstellerRed Hat
≫
Produkt
Multicluster Global Hub
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
OpenShift Serverless
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Advanced Cluster Management for Kubernetes 2
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2
Default Statusunaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.205 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-506 Embedded Malicious Code
The product contains code that appears to be malicious in nature.