CVE-2025-54313
JavaScript vulnerability analysis and mitigation

Overview

CVE-2025-54313 affects eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7, which were compromised in a supply chain attack on July 18, 2025. The attack occurred after a maintainer's npm token was stolen through a phishing campaign using a spoofed npmjs.com login page. The compromised versions contained malicious code that executes during package installation on Windows systems (Socket Blog, BleepingComputer).

Technical details

The malicious versions include an install.js script that executes during package installation, which attempts to load a malicious DLL (node-gyp.dll) via rundll32 on Windows systems. The attack specifically targets Windows machines and exits immediately on other platforms. The vulnerability has been assigned a CVSS score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N (Endor Labs).

Impact

The compromised package, which has over 30 million weekly downloads, could affect Windows developers and CI/CD systems that installed the malicious versions. The attack primarily impacts development environments rather than production systems, as eslint-config-prettier is typically used as a development dependency (Socket Blog, BleepingComputer).

Mitigation and workarounds

The affected versions have been deprecated on the npm registry, and clean versions have been published. Users should immediately pin their dependencies to safe versions (8.10.2+, 9.1.2+, 10.1.8+). Organizations should review their package-lock.json or yarn.lock files for references to the compromised versions (including nested copies installed under other packages), audit CI/CD logs for unusual activity if affected versions were installed, and rotate any secrets that may have been exposed during affected build processes (Endor Labs).
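A lock file check along the lines of the review step above, as an added example that is not code from the advisory or the eslint-config-prettier project; it takes an already-parsed package-lock.json object, handles both the nested (lockfileVersion 1) and flat (lockfileVersion 2/3) layouts, and runs against a constructed sample lock file.

```javascript
// Added example: scan a parsed package-lock.json for the compromised versions named in the advisory.
const COMPROMISED = {
  "eslint-config-prettier": new Set(["8.10.1", "9.1.1", "10.1.6", "10.1.7"]),
};

// Name is everything after the last "node_modules/", so scoped names survive.
function nameFromPath(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

function record(hits, path, name, version) {
  const bad = COMPROMISED[name];
  if (bad && bad.has(version)) hits.push({ path, name, version });
}

// lockfileVersion 1 nests transitive deps under each entry's "dependencies".
function walkV1(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    record(hits, path, name, meta.version);
    walkV1(meta.dependencies, `${path}/`, hits);
  }
}

// Returns every installed copy (hoisted or nested) on a compromised version.
function findCompromised(lockfile) {
  const hits = [];
  if (lockfile.packages) {
    // lockfileVersion 2/3: flat "packages" map keyed by install path; "" is the root.
    for (const [path, meta] of Object.entries(lockfile.packages)) {
      if (path) record(hits, path, nameFromPath(path), meta.version);
    }
  } else {
    walkV1(lockfile.dependencies, "", hits);
  }
  return hits;
}

// Constructed sample lockfile (v3): the hoisted copy is compromised, a nested
// copy under another tool is already on a clean release and must not be flagged.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { devDependencies: { "eslint-config-prettier": "^10.1.0" } },
    "node_modules/eslint-config-prettier": { version: "10.1.7", dev: true },
    "node_modules/some-tool/node_modules/eslint-config-prettier": { version: "9.1.2" },
  },
};
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findCompromised` and treat any returned entry as a signal to reinstall on a safe version and follow the log review and secret rotation steps above.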

Community reactions

The security community responded quickly to the incident, with researchers and developers collaborating to identify and analyze the compromise. The package maintainer, JounQin, acknowledged falling victim to the phishing attack and took swift action to deprecate the malicious versions. The incident has sparked discussions about the need for better security practices in the npm ecosystem, particularly around maintainer account security and automated dependency updates (StepSecurity).

