CVE-2025-54313

CVSS 7.5 HIGH · EPSS 4.1% · KEV · CWE-506

In short

A popular code formatting tool contains hidden malicious code that runs automatically when you install it on Windows, potentially giving attackers control of your computer.

Technical detail

CVE-2025-54313 is a supply chain compromise of eslint-config-prettier in which a malicious install.js script executes the node-gyp.dll malware after installation on Windows systems. The attack vector is package installation, with no user interaction required; the preconditions are a Windows OS and installation of an affected version (8.10.1, 9.1.1, 10.1.6, 10.1.7); the impact includes potential system compromise and code execution with user privileges.

Summary generated and translated by AI from the official description.
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
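
A lockfile check for the affected versions listed above, as an added example that is not part of the original advisory. It covers both npm lockfile layouts (the flat `packages` map and the older nested `dependencies` tree); the sample lockfile and the `some-preset` package name are constructed.

```javascript
// Added example: flag affected eslint-config-prettier versions in a parsed package-lock.json.
const PKG = "eslint-config-prettier";
// Affected versions as listed on this page.
const AFFECTED = new Set(["8.10.1", "9.1.1", "10.1.6", "10.1.7"]);

// Returns [{ path, version }] for every affected copy, including nested/transitive ones.
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // "name" is only present when the folder name differs from the package name (aliases).
    const name = meta.name || path.split("node_modules/").pop();
    if (name === PKG && AFFECTED.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  if (lock.packages) return hits; // v2 also carries "dependencies"; avoid double counting
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PKG && AFFECTED.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier": { version: "10.1.5" },
    "node_modules/some-preset/node_modules/eslint-config-prettier": { version: "9.1.1" },
    "node_modules/eslint-config-prettier-extra": { version: "10.1.7" },
  },
};

console.log(findAffected(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`.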