CVE-2025-54313
Published Jul 19, 2025
Last updated a month ago
- Description: eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 have embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: eslint-config-prettier, eslint-plugin-prettier, synckit, pkgr/core, got-fetch, napi-postinstall, homarr
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 4.7
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
- Exploit added on: Jan 22, 2026
- Exploit action due: Feb 12, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org: CWE-506
CVE-2025-68645 CVE-2025-34026 CVE-2025-31125 CVE-2025-54313 CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities Jan 23, 2026 https://t.co/8V92lYMDDx
@tdatwja
24 Jan 2026
CISA KEV update: 4 vulnerabilities are confirmed exploited in the wild: Versa Concerto (CVE-2025-34026), Zimbra Classic UI (CVE-2025-68645), Vite dev server exposure (CVE-2025-31125), and an eslint-config-prettier supply chain trojan (CVE-2025-54313). What to patch and check:
@Anavem_
23 Jan 2026
🚨 CISA Adds 4 Actively Exploited Flaws to KEV: Prettier Supply-Chain, Vite, Versa SD-WAN, and Zimbra CISA added four vulnerabilities to the KEV catalog after confirmed in-the-wild exploitation, including malicious code in eslint-config-prettier (CVE-2025-54313) that drops
@ThreatSynop
23 Jan 2026
🦺 CVE-2025-54313 Had to check a lot of projects regarding #CVE202554313, #isSupplyChainAttack. This script runs some checks and reduces the amount of time. It's not perfect yet. Script: https://t.co/zirgN3xpdW Details: https://t.co/iDbvTLav9Q
@marklubkowitz
26 Jul 2025
CVE-2025-54313 Supply Chain Compromise in eslint-config-prettier Packages via Malicious Install Script https://t.co/VpQsNvZGrE
@VulmonFeeds
19 Jul 2025
CVE-2025-54313 eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 have embedded malicious code for a supply chain compromise. Installing an affected package executes an install… https://t.co/OkJtFiexVs
@CVEnew
19 Jul 2025
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prettier:eslint-config-prettier:8.10.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B43B0C8D-0662-45E9-ADA9-AA6A8A5AC042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:prettier:eslint-config-prettier:9.1.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9CAD3812-C7C4-443C-BFFE-3B7751EBCB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:prettier:eslint-config-prettier:10.1.6:*:*:*:*:node.js:*:*",
"matchCriteriaId": "64749F3A-C896-4133-8C21-4C2439780CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:prettier:eslint-config-prettier:10.1.7:*:*:*:*:node.js:*:*",
"matchCriteriaId": "C9CE9AC7-568C-43CF-8417-ADA21CECB3A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prettier:eslint-plugin-prettier:4.2.2:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3A8983B4-86E8-4B13-95A1-EEF13107122B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:prettier:eslint-plugin-prettier:4.2.3:*:*:*:*:node.js:*:*",
"matchCriteriaId": "F22A30A9-BA7F-4B49-8C9B-547E79F1CD46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:un-ts:synckit:0.11.9:*:*:*:*:node.js:*:*",
"matchCriteriaId": "92E47D68-A074-4FFD-8A7C-91BC032A95E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:un-ts:pkgr\\/core:0.2.8:*:*:*:*:node.js:*:*",
"matchCriteriaId": "CDB0E59B-E301-4686-88E0-A107B823FE77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alexghr:got-fetch:5.1.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9839FE3B-999A-4CA8-AE29-C6854B13A1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexghr:got-fetch:5.1.2:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6AA8D543-56F5-438E-B99B-ECD89642C416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:un-ts:napi-postinstall:0.3.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "044AD411-E619-4FAE-8506-3C44FBBC5666",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:homarr:homarr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3427958-A7B3-4FBA-A8D8-7F04C04E5F2F",
"versionEndExcluding": "1.30.0",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]