CVE-2025-59145

Published Sep 15, 2025

Last updated 10 days ago

Overview

Description
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload.

npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached.

Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 2.0.2.
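Before removing node_modules and rebuilding, a project owner wants to know whether the compromised release is actually pinned in a lockfile. The following Node script is an added example, not part of the advisory or the color-name project; it scans an npm package-lock.json (lockfileVersion 1, 2 or 3) for color-name@2.0.1 and reports every install path that resolves to it. The sample lockfile object is constructed for illustration.

```javascript
// Added example (not from the advisory): scan an npm package-lock.json for the
// compromised color-name release so affected projects can be found before
// node_modules is deleted, caches are cleaned and browser bundles are rebuilt.
const PACKAGE = "color-name";
const COMPROMISED_VERSIONS = new Set(["2.0.1"]); // version named in the advisory
const FIXED_VERSION = "2.0.2";                   // fixed version named in the advisory

// Return every lockfile entry that resolves to a compromised version.
// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 keeps nested "dependencies" maps, which are walked recursively.
function findCompromised(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Entries normally lack "name"; derive it from the path (handles scoped packages).
    const name = entry.name || path.split("node_modules/").pop();
    if (name === PACKAGE && COMPROMISED_VERSIONS.has(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE && COMPROMISED_VERSIONS.has(entry.version)) {
        hits.push({ path, version: entry.version });
      }
      walk(entry.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both maps; only walk "dependencies" when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (lockfileVersion 3): one compromised copy and one clean nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/color-name": { version: "2.0.1" },
    "node_modules/some-lib/node_modules/color-name": { version: "1.1.4" },
  },
};

function main() {
  const file = process.argv[2]; // optional path to a real package-lock.json
  const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  const hits = findCompromised(lock);
  if (hits.length === 0) return console.log(`no compromised ${PACKAGE} versions found`);
  for (const h of hits) console.log(`compromised ${PACKAGE}@${h.version} at ${h.path}`);
  console.log(`update to ${PACKAGE}@${FIXED_VERSION}, delete node_modules, clean the package manager cache, rebuild browser bundles`);
}
if (typeof require !== "undefined" && require.main === module) main();
```

Run it as `node scan-lock.js ./package-lock.json`; a clean lockfile is not proof that a previously built browser bundle is clean, which is why the advisory asks for bundles to be rebuilt from scratch.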
Source
security-advisories@github.com
NVD status
Deferred

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-506

Social media

Hype score
Not currently trending
  1. Fix for the GitHub Copilot Chat vulnerability CVE-2025-59145: blocking prompt injection https://t.co/vsYT9kTVLv The cause of this issue was that the AI assistant treated Markdown comments, hidden characters invisible to humans, as legitimate instructions and

    @iototsecnews

    17 Apr 2026

    203 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical flaw in GitHub Copilot enables silent data theft. CVE-2025-59145 (9.6) uses prompt injection to extract sensitive data and exfiltrate it via image URLs. Read full story: https://t.co/TzSC82Wo9r #CyberSecurity #AI #Infosec https

    @CyberTech_In

    14 Apr 2026

    159 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #CamoLeak is a high-severity #vuln in #GitHub #Copilot Chat (CVE-2025-59145, CVSS 9.6) that gives attackers ability to silently steal source code, API keys & secrets from private repos w/o executing any malicious code. Good overview from @blackfogprivacy. https://t.co/eh7vLP

    @benrothke

    13 Apr 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #CamoLeak is a high-severity #vuln in #GitHub #Copilot Chat (CVE-2025-59145, CVSS 9.6) that gives attackers ability to silently steal source code, API keys & secrets from private repos w/o executing any malicious code. Good overview from @blackfogprivacy. https://t.co/eh7vLP

    @benrothke

    13 Apr 2026

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #CamoLeak is a high-severity #vuln in #GitHub #Copilot Chat (CVE-2025-59145, CVSS 9.6) that gives attackers ability to silently steal source code, API keys & secrets from private repos w/o executing any malicious code. Good overview from @blackfogprivacy. https://t.co/zcBvs6J

    @benrothke

    13 Apr 2026

    54 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. GitHub Copilot Chat’s CamoLeak (CVE-2025-59145, CVSS 9.6) shows how indirect prompt injection can become a data-exfil path: hidden Markdown comments in a PR poisoned Copilot’s context, then encoded secrets were leaked via GitHub’s trusted Camo image proxy https://t.co/BLrUW

    @saravanankalya4

    11 Apr 2026

    211 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 GitHub Copilot Flaw Leaks Sensitive Data: Hackers exploited a high-severity bug (CVE-2025-59145) in Copilot Chat to silently steal code, keys, and secrets from private repos using hidden markdown tricks. Devs, patch now. https://t.co/cuFxbVjyQR

    @StrinGhost

    11 Apr 2026

    5 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CamoLeak: How Hackers Exploit #GitHub #Copilot’s Invisible Markdown to Steal Your API Keys and Cloud Secrets (#CVE-2025-59145) + Video https://t.co/Par1pAzzk3 Educational Purposes!

    @UndercodeUpdate

    11 Apr 2026

    217 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CamoLeak Exposed: How Hackers Weaponize #GitHub #Copilot to Drain Your API Keys (#CVE-2025-59145) + Video https://t.co/IwnGKR5w3o Educational Purposes!

    @UndercodeUpdate

    10 Apr 2026

    246 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-59145 color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was pub… https://t.co/EqE2kj7Eaw

    @CVEnew

    16 Sept 2025

    713 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes