CVE-2025-32965
JavaScript vulnerability analysis and mitigation

Overview

A critical supply chain compromise was discovered in xrpl.js, the JavaScript/TypeScript client library for interacting with the XRP Ledger from Node.js and the browser. CVE-2025-32965 is not a bug in the library's own logic: versions 4.2.1, 4.2.2, 4.2.3, 4.2.4 and 2.14.2 were published to npm with malicious code added that exfiltrates private keys. The package, with over 140,000 weekly downloads, was compromised on April 21, 2025, after an attacker obtained a maintainer's npm credentials and used them to publish the trojanized releases (Aikido Blog, Security Online).

Technical details

The attacker added a function named checkValidityOfSeed that, despite its name, validates nothing: it sends the seed or private key it is handed to an attacker-controlled domain (0x9c[.]xyz) and is invoked from the library's wallet-construction code paths, so a key is leaked as soon as a wallet object is created from it. The malicious releases were pushed in quick succession, with the attacker varying where the code lived and how it was hidden from one version to the next to evade detection. The injected code was present in the published npm tarballs while the GitHub repository remained untouched, which is why the compromise shows up when the installed package is diffed against a clean build from source, not when the repository is reviewed. The advisory carries a CVSS v4.0 score of 9.3 (Critical) (GitHub Advisory, Aikido Blog).

Impact

The vulnerability potentially affects hundreds of applications and websites that depend on xrpl.js, directly or transitively, putting the XRP wallets they handle at risk. Any seed or private key that passed through an affected version, whether in a server process, a CLI tool or a browser bundle, should be treated as disclosed to the attacker, who can use it to sign transactions that move funds out of the account (Security Online, Aikido Blog).

Mitigation and workarounds

Users are advised to upgrade immediately to the patched versions, 4.2.5 for the 4.x branch or 2.14.3 for the 2.x branch, and to check lockfiles and nested node_modules copies so that no affected version is still being resolved. Upgrading stops further exfiltration but does not undo it: any seed or private key used with an affected version must be treated as compromised and rotated. Because an XRP Ledger account address is derived from its master key and cannot be changed, rotation means assigning a new regular key (or a multisig signer list) to the account and then disabling the master key, in that order; the alternative is to move funds to a freshly generated account. Before doing either, check the account's current RegularKey and flags, since an attacker holding the seed could already have performed the same rotation (GitHub Advisory, XRPL Docs).
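The rotation described above, as an added example that is not code from the advisory, the XRPL documentation or xrpl.js: set a fresh regular key, then disable the master key, and refuse to proceed to the second step unless the first was applied. The transactions are built as plain XRPL transaction JSON so the logic runs without the xrpl package; the `submit` callback, its `{ result }` return contract and the function names are assumptions of this example, and the addresses in the test are sample values.

```javascript
// Added example, not code from the advisory, the XRPL docs or xrpl.js: the
// key-rotation response for an account whose seed may have been exfiltrated.
// Step 1 assigns a fresh regular key; step 2 disables the master key.
// `submit` is a caller-supplied async function that signs with the account's
// current (possibly exposed) master key, submits, and resolves to
// { result: <TransactionResult code> }. With xrpl.js that adapter is roughly:
//   const submit = async (tx) => {
//     const prepared = await client.autofill(tx);
//     const res = await client.submitAndWait(prepared, { wallet: masterWallet });
//     return { result: res.result.meta.TransactionResult };
//   };
// Function names and the submit contract are this example's own.
const ASF_DISABLE_MASTER = 4; // AccountSet SetFlag value for asfDisableMaster

// Classic XRPL address shape: 'r' followed by 24..34 base58 characters.
const CLASSIC_ADDRESS = /^r[1-9A-HJ-NP-Za-km-z]{24,34}$/;

function buildSetRegularKey(account, regularKeyAddress) {
  return { TransactionType: 'SetRegularKey', Account: account, RegularKey: regularKeyAddress };
}

function buildDisableMaster(account) {
  return { TransactionType: 'AccountSet', Account: account, SetFlag: ASF_DISABLE_MASTER };
}

// The order is not optional. The ledger rejects disabling the master key of an
// account that has neither a regular key nor a signer list
// (tecNO_ALTERNATIVE_KEY), and even a successful disable without a working
// alternative would leave an account nobody can control. So the regular key is
// set first and the master key is disabled only after that transaction was
// applied with tesSUCCESS. Returns the transactions applied, in order.
async function rotateKeys(account, regularKeyAddress, submit) {
  if (!CLASSIC_ADDRESS.test(account) || !CLASSIC_ADDRESS.test(regularKeyAddress)) {
    throw new Error('account and regular key must be classic XRPL addresses');
  }
  if (regularKeyAddress === account) {
    throw new Error('the regular key must come from a different key pair than the master key');
  }
  const applied = [];

  const setKey = buildSetRegularKey(account, regularKeyAddress);
  const r1 = await submit(setKey);
  applied.push({ tx: setKey, result: r1.result });
  if (r1.result !== 'tesSUCCESS') {
    throw new Error(`SetRegularKey failed (${r1.result}); master key deliberately left enabled`);
  }

  const disable = buildDisableMaster(account);
  const r2 = await submit(disable);
  applied.push({ tx: disable, result: r2.result });
  if (r2.result !== 'tesSUCCESS') {
    throw new Error(`AccountSet asfDisableMaster failed (${r2.result}); master key is still enabled, retry`);
  }
  return applied;
}
```

After both transactions are validated, confirm the state with an account_info request: the RegularKey field must hold the new address and the lsfDisableMaster flag (0x00100000) must be set in Flags. If account_info already shows a RegularKey you did not set, or the SetRegularKey submission fails with a bad-authorization result, assume the attacker rotated first and treat the account as lost rather than retrying.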

Community reactions

The XRP Ledger Foundation issued a statement clarifying that the compromise is confined to the npm releases of the JavaScript library and does not affect the XRP Ledger protocol, its codebase, or the xrpl.js GitHub repository. The security community has emphasized the severity of this supply chain attack, particularly given the package's widespread use in the cryptocurrency ecosystem (Wiz).

Source: This report was generated using AI.
