CVE-2025-69262
medium
Red Hat CVSS v3 Base Score
7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 76% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.
CWE
CWE-78Affected Products
Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack