editorially independent. We may make money when you click on links
to our partners.
Learn More
A newly disclosed command-injection vulnerability in the glob CLI — one of the most widely used utilities in the JavaScript ecosystem — has put countless CI pipelines at risk of silent compromise.
The flaw allows attackers to execute arbitrary commands simply by controlling a filename processed through glob -c.
“This vulnerability could’ve led to remote code execution on the systems that host the software we use every day. When a trusted tool that’s downloaded millions of times a week can be used to run commands from attackers, we must start thinking of it as a supply-chain risk,” said Stanislav Fort, Founder and Chief Scientist at AISLE.
He added “A single malicious filename provided in a pull request could’ve compromised secrets or silently rendered build artifacts and release pipelines vulnerable. While the patches are out, this vulnerability serves as a reminder that the tools we take for granted as part of everyday work can be exploited by attackers to access pathways we didn’t recognize.”
The Impact of the Glob CLI Vulnerability
The flaw (CVE-2025-64756) affects glob versions 10.2.0 through 11.0.3, impacting any workflow that uses the CLI with the -c/–cmd option.
With more than 10 million weekly downloads, glob underpins build tools, automation scripts, and CI/CD platforms across industries.
Any environment that processes untrusted filenames — such as pull requests, extracted archives, or user uploads — may have been exposed.
Researchers warn that this flaw demonstrates the growing risks inherent in software supply chains and developer tooling.
How the Glob CLI Flaw Allows Command Injection
The root cause of the issue lies in how the glob CLI implemented the -c option.
While the feature was intended to run a command over files matched by a glob pattern, affected versions instead passed those filenames directly into a system shell using shell: true.
This created a dangerous ambiguity, because POSIX shells interpret characters such as $(…), backticks, pipes, and other metacharacters as executable syntax rather than literal text.
As a result, a malicious filename could break out of its argument position and execute arbitrary commands.
Because this behavior enabled full code execution, credential theft, and supply chain tampering, the vulnerability carries a CVSS score of 7.5 (High).
Exploitation requires very little effort for threat actors.
A single crafted filename — such as $(touch injected_poc) — is enough to weaponize any workflow that invokes the glob CLI with the -c flag.
This risk becomes especially severe in continuous integration (CI) environments. When a job runs a command like glob -c echo “**/*”, the glob CLI recursively matches files in the repository and passes all filenames into the echo command.
Under normal conditions, this would simply print the file list. But because vulnerable versions of glob executed commands through a shell, the filenames were inserted directly into a shell command string.
If even one of those filenames contains shell metacharacters or command-substitution syntax, the shell interprets it as live code rather than a filename.
In practice, this means a malicious filename like $(touch injected_poc) becomes an instruction rather than a harmless string.
As soon as the CI job invokes glob -c echo “**/*”, the shell evaluates the embedded payload and executes touch injected_poc with the CI runner’s privileges.
Those privileges often include access to source code, environment variables, cloud credentials, and software publishing tokens.
What appears to be a harmless file-listing step becomes silent execution of attacker-controlled commands, making this a significant supply-chain threat.
No user interaction is required beyond triggering a CI workflow on a repository containing a single malicious filename.
Key Mitigations to Reduce Supply Chain Risk
To reduce exposure to this vulnerability and strengthen pipeline security, organizations should take a layered approach.
- Upgrade to a patched version of glob (v10.5.0, v11.1.0, or v12.0.0) and replace any use of glob -c with the safer –cmd-arg/-g flag.
- Audit codebases, CI workflows, and automation scripts for shell-based patterns or unsafe filename handling, and remove or refactor any commands that implicitly invoke a shell.
- Treat all filenames as untrusted input by validating, sanitizing, or quarantining files containing shell metacharacters, especially in CI pipelines, file-processing services, and user-upload workflows.
- Segment and harden CI/CD environments by isolating untrusted jobs, restricting privileges, and using ephemeral or tightly scoped credentials.
- Limit shell execution within CI runners by preferring non-shell execution modes and enforcing least-privilege configurations for all automated steps.
- Restrict or monitor outbound network access from CI environments to detect or block suspicious activity such as unauthorized file creation, credential access, or external exfiltration attempts.
- Adopt broader supply-chain safeguards — such as artifact signing, provenance tracking, and regular script audits — to detect tampering and prevent compromised builds from propagating downstream.
These steps help build resilience against this and similar supply chain threats.
Hidden Risks in Everyday Dev Tools
This vulnerability underscores how overlooked design decisions in common development tools can introduce serious security risks.
In this case, the issue wasn’t a coding mistake but an assumption about how filenames would be handled — a gap traditional scanners can miss.
As organizations rely more on automation and open-source tooling, flaws in build utilities can quickly propagate through the software supply chain.
CVE-2025-64756 is a practical reminder that even routine workflow features warrant careful review to prevent unintended exposure.
This challenge highlights why more organizations are turning to zero-trust approaches to better control how tools, users, and automated workflows interact across the software supply chain.
