CVE-2025-69263 PNPM Lockfile Integrity Bypass
BLUF
pnpm 10.26.2 and earlier record only the URL, not an integrity hash, for dependencies resolved from HTTP tarballs and git-hosted tarballs in pnpm-lock.yaml. Because nothing in the lockfile pins the bytes, the hosting server can return a different archive on a later install (including a frozen-lockfile install on a fresh CI runner) and pnpm accepts it without warning; a swapped tarball carrying modified code or a lifecycle script yields Remote Code Execution (RCE) on developer machines and CI/CD build agents.
Executive Cost Summary
This cost analysis was developed by the CyberDax team using expert judgment and assisted analytical tools to support clarity and consistency.
For organizations affected by a pnpm supply-chain integrity bypass enabling unverified dependency execution in CI/CD or developer environments:
· Low-end total cost: $1.5M – $2.5M
· (Limited exposure, rapid patching, no confirmed malicious execution)
· Typical expected range: $3.0M – $6.5M
· (Multiple pipelines affected, forensic validation, temporary delivery disruption)
· Upper-bound realistic scenarios: $7.0M – $12.0M
· (Confirmed malicious payloads, regulatory review, prolonged rebuilds)
Key Cost Drivers
· Number of CI/CD pipelines and repositories requiring validation
· Presence of HTTP or git-hosted tarball dependencies
· Speed of detection versus duration of exposure
· Credential rotation and artifact re-signing scope
· Regulatory or customer notification thresholds triggered
Potential Affected Sectors
· Software Development
· Technology
· DevOps
· Any organization utilizing Node.js-based CI/CD pipelines.
Potential Impacted Countries
· Global
Date of First Reported Activity
· January 7, 2026
Date of Last Reported Activity Update
· January 12, 2026
Tools Used in Campaign
· Custom-hosted malicious HTTP servers or compromised Git repositories used to serve modified tarballs.
TTPs
Resource Development
· T1587.001 Develop Capabilities: Malware
o Attackers build a malicious tarball (for example one whose package.json declares a lifecycle script) to be served in place of the legitimate archive.
· T1583.003 Acquire Infrastructure: Virtual Private Server
o Attackers set up, or compromise, the server or repository hosting the tarball so that its content can be swapped at will.
Initial Access
· T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools
o The primary vector is a package, or a project's own manifest, that declares a dependency on an HTTP or git-hosted tarball served from infrastructure the attacker controls or has compromised.
Execution
· T1204.002 User Execution: Malicious File
o Exploitation occurs when a developer or a CI/CD job runs pnpm install or pnpm add and pnpm pulls the tarball without any integrity check.
· T1059 Command and Scripting Interpreter
o Code inside the swapped tarball runs either through a lifecycle script (e.g., postinstall) or when the project imports the modified module. Note that pnpm 10 does not run dependency lifecycle scripts during install unless the package is allow-listed (onlyBuiltDependencies), so for unlisted packages execution is deferred to build or run time rather than prevented.
Persistence & Evasion
· T1553.006 Subvert Trust Controls: Code Signing Policy Modification (Lockfile Bypass)
o The core of the vulnerability is that the lockfile's integrity check never applies: pnpm-lock.yaml normally pins each package to an SRI-format hash (sha512-...) so that the installed bytes match what was committed, but for HTTP and git-hosted tarballs no hash is recorded, so there is nothing to compare against.
· T1497 Virtualization/Sandbox Evasion
o Because the tarball is fetched again on every uncached install, the attacker's server can key on request metadata (source IP, headers such as User-Agent, or timing) to serve benign content to researchers and auditors and the malicious archive only to the intended targets or their CI/CD runners.
CVSS 3.1
· (8.8) AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Nessus ID
· Not applicable at this time
Is this on the KEV list
· Not at this time
Patch Release Date
· January 7, 2026
URL to patch information
· hxxps://github.com/pnpm/pnpm/commit/0958027f88a99ccefe7e9676cdebba393dfbdc85
Malware Names
· There is no malware associated with CVE-2025-69263 at this time.
Malware Family
· Supply chain payload (generic RCE)
sha256
· Not applicable
o Vulnerability is in the package manager logic, not a specific static file
Known Decoding Key
· N/A
Verdict
· High Risk for supply chain integrity.
Primary Objectives
· Initial access
· Credential theft
· Lateral movement within corporate development networks.
Behavior Analysis
· On install, pnpm fetches the dependency from the remote tarball URL recorded in pnpm-lock.yaml.
· Because no integrity hash was recorded for that URL, pnpm has nothing to compare the downloaded bytes against, so the server can return a different archive (modified module code or an added lifecycle script) and the install completes without any warning.
Suggested Rules / Potential Hunts
As a reminder, these are indicator rules. They are likely to be noisy.
For best results consider creating a data model and reviewing the traffic as a report.
Splunk
This hunt parses pnpm-lock.yaml contents for resolution entries that carry a tarball URL but no integrity field, the condition this vulnerability leaves behind. It assumes each lockfile is ingested as a single event under an assumed sourcetype of pnpm:lockfile. The lockfile is YAML, so the fields are extracted with rex rather than spath, which only parses JSON and XML.
index=main sourcetype="pnpm:lockfile"
| rex max_match=0 field=_raw "(?m)^\s+resolution:\s*\{(?<resolution>[^}]*)\}"
| mvexpand resolution
| rex field=resolution "tarball:\s*(?<tarball_url>https?://[^,}\s]+)"
| rex field=resolution "integrity:\s*(?<integrity_hash>sha\d+-[^,}\s]+)"
| where isnotnull(tarball_url) AND isnull(integrity_hash)
| table _time, host, source, tarball_url
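The lockfile condition described under Behavior Analysis, and the same check the Splunk hunt above performs, as an added Python example that is not pnpm's code and not part of the original advisory. It parses a constructed pnpm-lock.yaml, lists tarball resolutions that have no integrity field, and shows the SRI comparison that a stored hash makes possible, including the fail-closed handling of an unknown algorithm. Hostnames, package names and tarball bytes are constructed; the lockfile layout follows the v9 format as assumed here, and the final entry uses the integrity-plus-tarball form a fixed pnpm is assumed to write.

```python
import base64
import hashlib
import hmac
import re

# Constructed tarball bytes standing in for real .tgz archives (nothing here is a real package).
REGISTRY_TARBALL = b"constructed bytes standing in for a registry tarball"
GOOD_TARBALL = b"constructed bytes standing in for pinned-pkg-2.0.0.tgz as first seen"
SWAPPED_TARBALL = b"constructed bytes standing in for the archive a server swaps in later"


def sri_sha512(data: bytes) -> str:
    """Integrity string in the SRI form pnpm-lock.yaml uses: 'sha512-' + base64(SHA-512 digest)."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode("ascii")


# Constructed pnpm-lock.yaml in the lockfile v9 layout (hypothetical hosts and package names).
# The last entry shows the integrity-plus-tarball form a fixed pnpm is assumed to write.
SAMPLE_LOCKFILE = f"""lockfileVersion: '9.0'

packages:

  '@acme/registry-pkg@4.0.1':
    resolution: {{integrity: {sri_sha512(REGISTRY_TARBALL)}}}

  example-pkg@https://downloads.example.test/example-pkg-1.2.3.tgz:
    resolution: {{tarball: https://downloads.example.test/example-pkg-1.2.3.tgz}}
    version: 1.2.3

  other-pkg@https://codeload.github.com/acme/other-pkg/tar.gz/0123456789abcdef0123456789abcdef01234567:
    resolution: {{tarball: https://codeload.github.com/acme/other-pkg/tar.gz/0123456789abcdef0123456789abcdef01234567}}
    version: 0.4.0

  pinned-pkg@https://downloads.example.test/pinned-pkg-2.0.0.tgz:
    resolution: {{integrity: {sri_sha512(GOOD_TARBALL)}, tarball: https://downloads.example.test/pinned-pkg-2.0.0.tgz}}
    version: 2.0.0
"""

PACKAGE_KEY_RE = re.compile(r"^  (\S.*):\s*$")            # two-space indented "name@version:" line
RESOLUTION_RE = re.compile(r"^\s+resolution:\s*\{(.*)\}\s*$")


def _parse_inline_map(body: str) -> dict:
    """Parse the flow-style map pnpm writes for resolution, e.g. 'integrity: sha512-..., tarball: https://...'."""
    result = {}
    for item in body.split(", "):
        key, _, value = item.partition(": ")
        result[key.strip()] = value.strip().strip("'\"")
    return result


def parse_resolutions(lockfile_text: str) -> list:
    """Return [(package_key, resolution_dict)] for every entry under the top-level packages: section."""
    entries, in_packages, current_key = [], False, None
    for line in lockfile_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):                     # top-level section header
            in_packages = line.rstrip() == "packages:"
            current_key = None
            continue
        if not in_packages:
            continue
        key_match = PACKAGE_KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1).strip("'\"")
            continue
        res_match = RESOLUTION_RE.match(line)
        if res_match and current_key:
            entries.append((current_key, _parse_inline_map(res_match.group(1))))
    return entries


def verify_integrity(data: bytes, integrity: str) -> bool:
    """Compare fetched bytes against a lockfile integrity string (the check an unpinned entry never gets).
    Handles one 'algo-base64' token; SRI's multi-token and '?options' forms are not handled here."""
    algo, sep, expected_b64 = integrity.strip().partition("-")
    if not sep or algo not in ("sha256", "sha384", "sha512"):
        return False                                     # unknown or weak algorithm: fail closed
    actual_b64 = base64.b64encode(hashlib.new(algo, data).digest())
    return hmac.compare_digest(actual_b64, expected_b64.encode("ascii", "replace"))


def audit(lockfile_text: str, fetched: dict) -> dict:
    """Classify tarball entries given the bytes each URL returned on this install (fetched: url -> bytes)."""
    report = {"unpinned": [], "verified": [], "mismatch": []}
    for key, res in parse_resolutions(lockfile_text):
        url = res.get("tarball")
        if not url:
            continue                                     # registry entries are pinned by the registry hash
        if not res.get("integrity"):
            report["unpinned"].append(key)               # nothing to verify against: any bytes are accepted
        elif verify_integrity(fetched.get(url, b""), res["integrity"]):
            report["verified"].append(key)
        else:
            report["mismatch"].append(key)               # served bytes differ from what was first recorded
    return report


if __name__ == "__main__":
    # Simulate a later install where the server swaps pinned-pkg's archive.
    print(audit(SAMPLE_LOCKFILE, {"https://downloads.example.test/pinned-pkg-2.0.0.tgz": SWAPPED_TARBALL}))
```

The two unpinned entries are the ones a vulnerable pnpm writes; the pinned entry shows why a recorded hash matters, since the same swapped bytes land in mismatch rather than being silently accepted. Run it against a real pnpm-lock.yaml by reading the file into audit with an empty fetched dict; every key in unpinned is a dependency to pin or remove.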
SentinelOne
Monitor for pnpm, which runs as a node process unless the standalone pnpm binary is used, requesting .tgz archives over HTTP and then spawning a shell or interpreter, the pattern of a lifecycle script firing after an unpinned tarball fetch. Process-spawn and URL events are separate event types, so in practice run the two halves as separate queries and pivot on the parent process; the field names below are illustrative and must be mapped to the S1QL schema in use.
S1QL Query:
Process.Name IN ("pnpm", "node") AND ChildProcess.Name IN ("sh", "bash", "python", "curl", "wget", "cmd.exe", "powershell.exe")
AND Network.Url CONTAINS ".tgz"
Suricata
Alert on cleartext HTTP GETs for .tgz files from a pnpm user agent to hosts other than the npm registry. TLS traffic is only visible to this rule behind a decrypting proxy, and the rule inspects no header beyond User-Agent and Host, so treat hits as a hunting lead rather than a verdict. Git-hosted tarballs served by codeload.github.com end in /tar.gz/<ref> rather than .tgz and will not match the URI content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING PNPM Potential Lockfile Bypass (Insecure Tarball Download)";
flow:established,to_server;
http.method; content:"GET";
http.uri; content:".tgz";
http.user_agent; content:"pnpm";
http.host; content:!"registry.npmjs.org";
threshold:type limit, track by_src, count 1, seconds 60;
classtype:web-application-attack; sid:1000001; rev:2;)
Delivery Method
· Delivered through HTTP tarball dependencies and git-hosted tarballs
Email example
· Not applicable
References
NVD
· hxxps://nvd.nist.gov/vuln/detail/CVE-2025-69263
The Hacker News
· hxxps://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
GitHub
· hxxps://github.com/pnpm/pnpm/commit/0958027f88a99ccefe7e9676cdebba393dfbdc85