CVE-2025-54313

Summary

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Affected Software

VendorProductVersion RangeStatus
prettiereslint-config-prettier8.10.1affected
prettiereslint-config-prettier9.1.1affected
prettiereslint-config-prettier10.1.6affected
prettiereslint-config-prettier10.1.7affected

Weaknesses

  • CWE-506: CWE-506 Embedded Malicious Code

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: partial

Additional References

References