CVE-2025-54313

HIGH KEV

eslint-config-prettier <10.1.7 - Code Injection

Title source: llm

Exploitation Summary

CVE-2025-54313 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 22, 2026. EIP tracks 3 public exploits from researchers including Paspke, ShinP451, and nihilor.

AI-analyzed exploit summary: This repository contains a PowerShell and shell script scanner designed to detect indicators of compromise (IOCs) related to the CVE-2025-54313 supply chain attack involving malicious npm packages like eslint-config-prettier. It checks for compromised package versions, suspicious files, and known malicious hashes.

Description

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Exploits (3)

nomisec SCANNER
by Paspke · poc
https://github.com/Paspke/scavenger_scanner

This repository contains a PowerShell and shell script scanner designed to detect indicators of compromise (IOCs) related to the CVE-2025-54313 supply chain attack involving malicious npm packages like eslint-config-prettier. It checks for compromised package versions, suspicious files, and known malicious hashes.

Classification: Scanner (95%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: npm packages (eslint-config-prettier, eslint-plugin-prettier, synckit, etc.)
Authentication: none needed
Prerequisites: access to the target filesystem · PowerShell execution permissions
Analyzed by devstral-2 on Apr 25, 2026
nomisec SCANNER
by ShinP451 · poc
https://github.com/ShinP451/scavenger_scanner

This repository contains a PowerShell and Bash-based scanner for detecting indicators of compromise (IOCs) related to CVE-2025-54313, a supply chain attack involving compromised npm packages like eslint-config-prettier. The scanner checks for malicious files, suspicious scripts, and known malicious hashes but does not include exploit code.

Classification: Scanner (95%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: npm packages (eslint-config-prettier, eslint-plugin-prettier, synckit, etc.)
Authentication: none needed
Prerequisites: access to the filesystem where npm packages are installed
Analyzed by devstral-2 on Feb 19, 2026
nomisec SCANNER
by nihilor · poc
https://github.com/nihilor/cve-2025-54313

This repository contains a Bash script that scans for vulnerable npm packages and suspicious files in a project, specifically targeting supply chain attacks. It checks for known vulnerable package versions, suspicious files like 'node-gyp.dll', and usage of compromised packages in code.

Classification: Scanner (95%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: npm projects
Authentication: none needed
Prerequisites: npm installed · project with node_modules or package-lock.json
Analyzed by devstral-2 on Feb 19, 2026

Scores

CVSS v3: 7.5
EPSS: 0.1250
EPSS Percentile: 94.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

CISA SSVC (Vulnrichment)

Exploitation: active
Automatable: no
Technical Impact: partial

Details

CISA KEV: 2026-01-22
VulnCheck KEV: 2025-07-19
ENISA EUVD: EUVD-2025-21972
CWE: CWE-506
Status: published
Products (18)
alexghr/got-fetch 5.1.1
alexghr/got-fetch 5.1.2
homarr/homarr 1.29.0 - 1.30.0
npm/eslint-config-prettier 8.10.1 - 8.10.2 (npm)
npm/eslint-plugin-prettier 4.2.2 - 4.2.4 (npm)
npm/got-fetch 5.1.11 - 6.0.0 (npm)
npm/napi-postinstall 0.3.1 - 0.3.2 (npm)
npm/synckit 0.11.9 - 0.11.10 (npm)
pkgr/core 0.2.8 - 0.2.9 (npm)
prettier/eslint-config-prettier 8.10.1
... and 8 more
Published: Jul 19, 2025
KEV Added: Jan 22, 2026
Tracked Since: Feb 18, 2026