CVE-2025-54313

Severity: HIGH

CVSS v3: 7.5 (HIGH)

EPSS Score (exploit probability): 11.6%

CISA KEV (known exploited): No

Exploitation

SSVC status

Description

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 have embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Technical Details

CVSS v3 Vector: 3.1

Published: 7/19/2025

Last Modified: 1/23/2026

Frequently Asked Questions

What is CVE-2025-54313?

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 have embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Is CVE-2025-54313 actively exploited?

Active exploitation of CVE-2025-54313 has not been confirmed. The EPSS score is 11.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-54313?

CVE-2025-54313 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.
