7.5
CVE-2025-54313
- EPSS 6.73%
- Published 19.07.2025 00:00:00
- Last modified 23.01.2026 18:33:09
- Source cve@mitre.org
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
Data provided by the National Vulnerability Database (NVD)
Prettier ≫ Eslint-config-prettier Version 8.10.1 SwPlatform node.js
Prettier ≫ Eslint-config-prettier Version 9.1.1 SwPlatform node.js
Prettier ≫ Eslint-config-prettier Version 10.1.6 SwPlatform node.js
Prettier ≫ Eslint-config-prettier Version 10.1.7 SwPlatform node.js
Prettier ≫ Eslint-plugin-prettier Version 4.2.2 SwPlatform node.js
Prettier ≫ Eslint-plugin-prettier Version 4.2.3 SwPlatform node.js
Un-ts ≫ Napi-postinstall Version 0.3.1 SwPlatform node.js
22.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
Description: Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.73% | 0.912 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 7.5 | 2.2 | 4.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N |

CWE-506 Embedded Malicious Code
The product contains code that appears to be malicious in nature.