🟢 CVE-2025-54313

eslint-config-prettier package was compromised with embedded malicious code that executes during installation. This is a supply chain attack that affects development environments rather than production internet-facing servers.

Risk Level: LOW_RISK
CVSS Score: 7.5
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1195 — Supply Chain Compromise
Deployment Risk: LOW
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-07-19

Added to CISA KEV: 2026-01-22 (187 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-54313 refers to a supply chain attack that compromised the popular npm package `eslint-config-prettier` [4].

Overview of the Attack
The vulnerability involved the injection of malicious code into specific versions of the `eslint-config-prettier` package. Attackers reportedly gained access to a maintainer's account through a typosquatted phishing domain (`npnjs.com`), which allowed them to publish the compromised versions to the npm registry [1].
Key Details
Attack Type: Supply chain compromise (malicious package injection) [4]
Exploitation Method: The malicious code executes automatically when the affected package is installed [6]
Requirements: No user interaction is required beyond installing the package; the payload specifically targets Windows environments [2]
Impact: Remote Code Execution (RCE) on the host machine [3]
Affected Versions: 8.10.1, 9.1.1, 10.1.6, and 10.1.7 [4]
Additional Information
  • Active Exploitation: The vulnerability was a result of an active supply chain attack where malicious versions were published to the npm registry [1].
  • Targeting: The payload was specifically designed to target Windows machines, using a DLL-based execution method [1] [2].
  • Mitigation: Users are advised to audit their `package.json` and `package-lock.json` files to ensure they are not using the affected versions and to upgrade to secure, non-compromised versions of the package [3].
  • Availability: Security researchers and community members have developed scanners and indicators of compromise (IOCs) to help detect the presence of these malicious versions in development environments [5].

Sources

  1. CVE-2025-54313: When Prettier Got Ugly - CVEReports

    A sophisticated supply chain attack targeting the popular `eslint-config-prettier` npm package. Attackers compromised a maintainer account via a typosquatted phishing domain (`npnjs.com`), allowing them to publish malicious versions containing a Windows-specific DLL payload. This incident highlights…

  2. CVE-2025-54313: eslint-config-prettier Compromise - Endor Labs

    CVE-2025-54313 tracks a supply chain attack on eslint-config-prettier, where four malicious versions of a popular npm library targeted Windows machines with a re…

  3. CVE-2025-54313: eslint-config-prettier Supply Chain RCE

    CVE-2025-54313 is a supply chain RCE vulnerability in eslint-config-prettier that executes malicious code during package installation. This article covers the technical details, affected versions, security impact, and mitigation.

  4. CVE-2025-54313 Detail - NVD

    eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected ...

  5. Paspke/scavenger_scanner: Detect CVE-2025-54313 eslint-config ...

    Detect CVE-2025-54313 eslint-config-prettier supply chain attack IOCs on Windows - Paspke/scavenger_scanner.

  6. CVE-2025-54313 - Endor Patches

    eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes ...