CVE-2025-69264 in pnpm
Summary
by MITRE • 01/08/2026
pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase, enabling remote code execution without user consent or approval. This issue is fixed in version 10.26.0.
Analysis
by VulDB Data Team • 01/13/2026
The vulnerability CVE-2025-69264 affects pnpm package manager versions 10.0.0 through 10.25, a critical flaw that undermines the security measures introduced in version 10. The issue lies in the handling of git-hosted dependencies during installation, which opens a path to remote code execution that bypasses the controls meant to prevent unauthorized script execution. The root cause is that while pnpm v10 blocks postinstall scripts through the onlyBuiltDependencies mechanism, it does not cover the prepare, prepublish, and prepack scripts that run during the fetch phase of git dependencies.
The technical flaw manifests in how pnpm processes git-hosted dependencies during installation: the package manager runs lifecycle scripts from the git repository before the package is fully installed. Because this execution happens in the fetch phase rather than the install phase, an attacker can place code in these early-stage scripts and have it run without user consent or approval. This contravenes the principle of least privilege by allowing arbitrary code execution during dependency resolution, circumventing the default security settings that should prevent such operations. The resulting attack surface is broad: remote code execution can occur simply by including a malicious git dependency in a project's package.json file.
The operational impact is severe: attackers can execute arbitrary code on any system where pnpm installs the malicious dependency, potentially leading to complete system compromise. The attack vector is particularly concerning because it requires no user interaction beyond adding a malicious dependency to a project, which makes it attractive for supply chain attacks. Developers and organizations that rely on pnpm for dependency management are affected, since any project that includes a malicious git-hosted dependency can be compromised during a routine installation. This creates a persistent threat in which legitimate projects are compromised simply by pulling in such a dependency, which is especially dangerous in enterprise environments where multiple developers work on projects with shared dependency trees.
Organizations should immediately upgrade to pnpm version 10.26.0 or later, as this release includes the fixes that properly restrict script execution during the fetch phase of git dependencies. Mitigation should also include dependency validation procedures and considering the use of lock files to prevent unauthorized dependency modifications. Security teams should inventory the git-hosted dependencies in their dependency trees and evaluate the trustworthiness of those sources, since the vulnerability specifically concerns the handling of remote git repositories. Organizations may additionally restrict network access to external git repositories where possible, though this does not fully address the vulnerability, since it can be exploited through various git hosting platforms. This vulnerability aligns with CWE-494 and ATT&CK technique T1133, highlighting the intersection of dependency confusion attacks and supply chain compromises in modern software development environments. The fix in version 10.26.0 addresses the core issue by ensuring that all lifecycle scripts from git-hosted dependencies are restricted during the fetch phase, maintaining the intended security posture of pnpm v10 while preserving legitimate package management functionality.
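As an added example (not pnpm's own code and not part of this advisory), the following script supports the inventory step above: it flags git-hosted dependency specifiers in a package.json and reports whether a given pnpm version falls in the affected range. The helper names and the sample manifest are constructed for illustration.

```javascript
// Added example, not pnpm's own code: flag git-hosted dependency specifiers in
// a package.json (the input class CVE-2025-69264 concerns) and report whether a
// pnpm version falls in the affected range 10.0.0 through 10.25 (fixed in 10.26.0).

// Recognise the specifier forms that npm-compatible clients resolve from git.
function isGitSpecifier(spec) {
  const s = String(spec).trim();
  if (/^(git\+[a-z]+:|git:|ssh:)/i.test(s)) return true;          // git+https:, git+ssh:, git:, ssh:
  if (/^(github|gitlab|bitbucket|gist):/i.test(s)) return true;    // hosted-service shorthand
  if (/^https?:\/\/.+\.git(#.*)?$/i.test(s)) return true;          // explicit URL ending in .git
  if (/^https?:\/\/(github\.com|gitlab\.com|bitbucket\.org)\//i.test(s)) return true;
  // Bare "owner/repo" or "owner/repo#ref" is GitHub shorthand. Semver ranges and
  // other protocols (npm:, file:, link:, workspace:) never match this shape.
  return /^[\w.-]+\/[\w.-]+(#.+)?$/.test(s);
}

// Return every git-hosted dependency in a parsed package.json, with its field.
function findGitDependencies(pkg) {
  const hits = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (isGitSpecifier(spec)) hits.push({ field, name, spec });
    }
  }
  return hits;
}

// True for 10.0.0 <= version < 10.26.0. Older majors lack the v10 script
// blocking that this bug bypasses, so they are reported as not affected here.
function isAffectedPnpmVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised pnpm version: ${version}`);
  return Number(m[1]) === 10 && Number(m[2]) <= 25;
}

// Constructed sample manifest; example-org and example.test are placeholders.
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    lodash: '^4.17.21',
    widget: 'github:example-org/widget#v2',
    helper: 'git+https://git.example.test/helper.git',
  },
  devDependencies: { tool: 'example-org/tool#main', alias: 'npm:lodash@4' },
};

console.log(findGitDependencies(SAMPLE_PACKAGE_JSON));
console.log('pnpm 10.25.1 affected:', isAffectedPnpmVersion('10.25.1'));
```

Run it against a project's own package.json by replacing the sample object with `JSON.parse(require('fs').readFileSync('package.json', 'utf8'))`; every hit is a dependency whose fetch-phase scripts the affected versions would run.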