CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.044

EPSS Ranking 88.7%

CVSS Severity

CVSS v3 Score 7.5

Proposed Action

Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Ransomware Campaign

Unknown

References

Products affected by CVE-2025-54313

Alexghr » Got-Fetch » Version: 5.1.1

cpe:2.3:a:alexghr:got-fetch:5.1.1
Alexghr » Got-Fetch » Version: 5.1.2

cpe:2.3:a:alexghr:got-fetch:5.1.2
Homarr » Homarr » Version: Any

cpe:2.3:a:homarr:homarr:*
Prettier » Eslint-Config-Prettier » Version: 10.1.6

cpe:2.3:a:prettier:eslint-config-prettier:10.1.6
Prettier » Eslint-Config-Prettier » Version: 10.1.7

cpe:2.3:a:prettier:eslint-config-prettier:10.1.7
Prettier » Eslint-Config-Prettier » Version: 8.10.1

cpe:2.3:a:prettier:eslint-config-prettier:8.10.1
Prettier » Eslint-Config-Prettier » Version: 9.1.1

cpe:2.3:a:prettier:eslint-config-prettier:9.1.1
Prettier » Eslint-Plugin-Prettier » Version: 4.2.2

cpe:2.3:a:prettier:eslint-plugin-prettier:4.2.2
Prettier » Eslint-Plugin-Prettier » Version: 4.2.3

cpe:2.3:a:prettier:eslint-plugin-prettier:4.2.3
Un-Ts » Napi-Postinstall » Version: 0.3.1

cpe:2.3:a:un-ts:napi-postinstall:0.3.1
Un-Ts » Pkgr/core » Version: 0.2.8

cpe:2.3:a:un-ts:pkgr/core:0.2.8
Un-Ts » Synckit » Version: 0.11.9

cpe:2.3:a:un-ts:synckit:0.11.9
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-54313

Products

Pricing

Contact Us