Vulnerabilities

CVE-2025-10894

by Fred · 24/09/2025

Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user’s accounts.

More information : https://access.redhat.com/security/cve/CVE-2025-10894

Similar

Tags: Cybersecurity Alert