Introduction
Thousands of developer credentials were stolen and hundreds of npm packages compromised in a coordinated supply chain attack that leveraged the Nx build system. CVE-2025-10894 highlights how a single workflow misconfiguration can cascade into widespread compromise across the JavaScript ecosystem.
Nx, developed by Nrwl, is a widely adopted build system for JavaScript monorepos, powering projects for major enterprises and open source teams. With millions of weekly downloads and deep integration into CI/CD pipelines, a compromise of Nx has far-reaching consequences for the global software supply chain.
Technical Information
The attack chain for CVE-2025-10894 began with exploitation of a GitHub Actions workflow in the Nx repository. The workflow used the pull_request_target trigger, which grants elevated permissions (including a writable GITHUB_TOKEN) to workflows running on pull requests from forks. Attackers crafted pull requests with titles containing bash injection payloads. When the workflow executed, it processed the malicious title, resulting in arbitrary command execution within the CI environment.
This allowed attackers to exfiltrate npm publishing tokens from the workflow environment. With these tokens, they published malicious versions of Nx and related plugins to the npm registry. The affected packages included post-install scripts (such as telemetry.js or embedded code in bundle.js) that executed automatically upon installation.
The malware payload performed the following actions:
- Scanned the file system for sensitive credentials, including:
- SSH private keys
- GitHub personal access tokens
- npm authentication tokens
- Cloud provider credentials (AWS, GCP, Azure)
- Cryptocurrency wallet files (MetaMask, Electrum, Ledger, Trezor, Exodus, Phantom, Solflare)
- Exfiltrated collected credentials by creating new GitHub repositories under the victim's account and uploading the data as repository content
- Detected and leveraged AI command-line tools (Claude, Gemini, Amazon Q) for enhanced reconnaissance when present
- Avoided execution on Windows, targeting only macOS and Linux environments
- Attempted persistence by injecting malicious workflow files into GitHub repositories
The campaign escalated with the release of a self-replicating worm (Shai-Hulud) that used harvested npm credentials to infect additional packages, resulting in over 500 compromised npm projects. The worm automatically identified packages the victim could publish to, injected malicious code, and published new versions, amplifying the attack's reach.
No public code snippets are available for the exact exploit payloads, but the attack chain is well documented in vendor advisories and security research.
Affected Systems and Versions
- Nx build system npm package: Eight specific versions published between August 21 and August 26, 2025 (exact version numbers are available in the official advisory)
- Related Nx plugins published in the same timeframe
- Over 500 npm packages compromised by the Shai-Hulud worm (see StepSecurity and Wiz for lists)
- Vulnerable configurations: Any project or CI/CD pipeline that installed the affected versions during the compromise window, especially on macOS or Linux
Vendor Security History
Nrwl (Nx) has a generally strong security track record, but this is not the first time workflow misconfigurations have led to supply chain risk in the npm ecosystem. Previous incidents have involved similar misuse of GitHub Actions triggers. The vendor responded rapidly by revoking tokens, adopting npm Trusted Publisher, and publishing a detailed postmortem. The npm registry has also faced prior supply chain attacks, underscoring ongoing ecosystem risks.
References
- NVD Entry for CVE-2025-10894
- Red Hat Supply Chain Attacks on NPM Packages
- Red Hat Bugzilla 2396282
- Nx Security Advisory GHSA-cxm3-wv7p-598c
- StepSecurity Blog: Nx Build System Compromised
- Wiz Blog: S1ngularity Supply Chain Attack
- StepSecurity: ctrl-tinycolor and 40+ npm packages compromised
- Wiz: Shai-Hulud npm supply chain attack