Google Gemini CLI Flaw Earns Perfect CVSS 10 Score as Supply-Chain Attacks Surge Across SAP npm, WordPress Plugins
A cluster of critical supply-chain vulnerabilities has put enterprise security teams on heightened alert: researchers have documented a flaw in a Google command-line tool rated at the maximum possible severity, alongside ongoing campaigns against SAP developer tooling and tens of thousands of WordPress installations.
Google has released patches for Gemini CLI, its command-line interface to the Gemini models, addressing a remote code execution vulnerability scored 10.0, the maximum, on the Common Vulnerability Scoring System (CVSS). The flaw enabled supply-chain code execution, meaning an attacker could get malicious code onto a victim's machine through what looks like legitimate software distribution. A CVSS 10 rating places the bug among the most severe publicly disclosed in recent memory, and teams should confirm the installed Gemini CLI version against the fixed version named in Google's advisory rather than assume an automatic update has already run.
At the same time, official SAP npm packages were compromised in an attack researchers attribute to the TeamPCP campaign. Because the affected packages are developer tooling used across enterprise resource planning environments, a poisoned release can reach business-critical systems downstream of the developer machines that install it. In a separate but thematically linked case, the WordPress Redirect Plugin was found to have carried a dormant backdoor for five years on approximately 70,000 websites before it was detected.
Elsewhere, the Sandhills Medical ransomware incident was confirmed to have exposed 170,000 patient records. The Silver Fox threat actor was observed deploying a new backdoor, ABCDoor, alongside ValleyRAT in phishing campaigns themed around tax filings. A remote code execution vulnerability in the Qinglong Task Scheduler was reported under active exploitation, continuing the pattern of attackers going after misconfigured or unpatched infrastructure.
Taken together, a maximum-severity flaw in AI tooling, a compromise inside the npm ecosystem, and a backdoor that sat undetected for years show supply-chain attacks growing in both reach and patience. Security teams should verify patch status on every affected platform, audit third-party dependencies against the specific versions named in each advisory (a lockfile pin only helps if the pinned version is itself clean), and monitor for indicators of compromise associated with the named threat actors.
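The dependency audit recommended above, as an added example rather than anything from the article or from the vendors it names: a small Python script that walks a lockfileVersion 2 or 3 package-lock.json, flags every installed package@version that appears on a denylist, and flags packages whose resolved URL is not the expected registry. The package names, versions and the sample lockfile are constructed placeholders, not real compromised releases; in practice the denylist is filled from the advisory for the incident being investigated.

```python
"""Scan an npm package-lock.json for known-compromised package versions.

Added example, not code from the article or from SAP or Google. Every
package name, version and URL below is a constructed placeholder.
"""
import json
import sys
from typing import Dict, List, Set, Tuple

# Constructed denylist of (package name, exact version). Populate from the
# vendor advisory for the incident you are responding to.
DENYLIST: Set[Tuple[str, str]] = {
    ("@example-scope/ui5-tooling", "3.4.1"),
    ("@example-scope/ui5-tooling", "3.4.2"),
    ("example-left-pad", "1.3.0"),
}

# Registries a lockfile entry is allowed to resolve from.
ALLOWED_REGISTRIES: Tuple[str, ...] = ("https://registry.npmjs.org/",)


def package_name_from_path(path: str) -> str:
    """Map a lockfile 'packages' key such as
    'node_modules/a/node_modules/@s/b' to the installed name '@s/b'.
    Nested copies live under a dependency's own node_modules directory."""
    idx = path.rfind("node_modules/")
    if idx == -1:
        return path
    return path[idx + len("node_modules/"):]


def scan_lockfile(lock: Dict) -> List[Dict[str, str]]:
    """Return one finding per denylisted version and per package that
    resolves from an unexpected source. Expects lockfileVersion 2 or 3,
    where installed packages are keyed by path under 'packages'."""
    findings: List[Dict[str, str]] = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root project entry, not a dependency
            continue
        name = meta.get("name") or package_name_from_path(path)
        version = meta.get("version", "")
        resolved = meta.get("resolved", "")
        if (name, version) in DENYLIST:
            findings.append({"package": name, "version": version,
                             "path": path, "reason": "denylisted version"})
        if resolved and not resolved.startswith(ALLOWED_REGISTRIES):
            findings.append({"package": name, "version": version,
                             "path": path,
                             "reason": f"unexpected source {resolved}"})
    return findings


def scan_lockfile_file(lock_path: str) -> List[Dict[str, str]]:
    """Load a package-lock.json from disk and scan it."""
    with open(lock_path, encoding="utf-8") as fh:
        return scan_lockfile(json.load(fh))


# Constructed sample lockfile: one denylisted top-level package, one clean
# copy of a package, and a nested denylisted copy of the same package that
# also resolves from a non-registry host (203.0.113.5 is a documentation
# address, not a real server).
SAMPLE_LOCK: Dict = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@example-scope/ui5-tooling": {
            "version": "3.4.1",
            "resolved": "https://registry.npmjs.org/@example-scope/ui5-tooling/-/ui5-tooling-3.4.1.tgz",
        },
        "node_modules/example-left-pad": {
            "version": "1.2.9",
            "resolved": "https://registry.npmjs.org/example-left-pad/-/example-left-pad-1.2.9.tgz",
        },
        "node_modules/some-lib/node_modules/example-left-pad": {
            "version": "1.3.0",
            "resolved": "http://203.0.113.5/example-left-pad-1.3.0.tgz",
        },
    },
}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_lockfile_file(target) if target else scan_lockfile(SAMPLE_LOCK)
    for finding in results:
        print(f"{finding['reason']}: {finding['package']}@{finding['version']}"
              f" at {finding['path']}")
    sys.exit(1 if results else 0)
```

Run it as `python scan_lock.py package-lock.json` to audit a real lockfile; with no argument it scans the embedded sample and exits non-zero because three findings are reported. Walking every path under `packages` rather than only top-level entries matters because a compromised version can be installed transitively under another dependency's `node_modules`, where a grep of the top-level tree will not see it.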