CVE-2025-54313

CVSS 7.5 HIGH | Listed in CISA KEV

📋 TL;DR

CVE-2025-54313 tracks a supply-chain compromise of the npm package eslint-config-prettier: four releases were published with a malicious postinstall hook after a maintainer's npm publishing token was compromised. On Windows the hook loads a bundled node-gyp.dll through rundll32.exe; on other platforms the hook exits without running the payload. Any developer, CI runner or build image that installed one of the affected versions into a Node.js project is affected.

💻 Affected Systems

Products:
  • eslint-config-prettier
Versions: 8.10.1, 9.1.1, 10.1.6, 10.1.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only Windows hosts run the payload (the postinstall hook checks the platform before launching node-gyp.dll), but the tampered package still lands in node_modules, lockfiles and the npm cache on every platform, so every installation of an affected version should be treated as compromised and cleaned up.

📦 What is this software?

eslint-config-prettier is a shared ESLint configuration that turns off the ESLint formatting rules that would conflict with Prettier. It is a development dependency of a very large number of JavaScript and TypeScript projects, frequently pulled in transitively through other shared configs, which is what made a poisoned release so widely reaching.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with malware establishing persistence, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Malware installation leading to system compromise, potential credential theft, and unauthorized access to development environments.

🟢

If Mitigated

Limited impact if detected early with malware removal and system restoration from clean backups.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No (none is needed; the malicious package itself is the exploit)
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The compromised releases declare a postinstall script, so npm install (and npm ci, as well as yarn and pnpm installs with lifecycle scripts enabled) runs it automatically with no user interaction. On Windows the script launches the bundled node-gyp.dll through rundll32.exe with the privileges of the user running the install.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Any release not in the affected list (8.10.1, 9.1.1, 10.1.6, 10.1.7), for example 10.1.5 immediately before the compromise or the current latest release

Vendor Advisory: https://github.com/prettier/eslint-config-prettier/issues/339

Restart Required: No

Instructions:

1. Remove the affected package: npm uninstall eslint-config-prettier
2. Install a clean version: npm install eslint-config-prettier@latest
3. Verify that package.json and the lockfile (package-lock.json, yarn.lock or pnpm-lock.yaml) no longer reference 8.10.1, 9.1.1, 10.1.6 or 10.1.7, including nested copies pulled in by other packages
4. Run npm audit to confirm the advisory no longer fires
5. On any Windows host that installed an affected version, treat the host as compromised: remove node-gyp.dll, hunt for persistence, and rotate credentials that were present on the machine (npm and GitHub tokens, SSH keys, cloud and CI secrets)

🔧 Temporary Workarounds

Pin to a safe version

Applies to: all platforms

Pin a known-good version in package.json and commit the lockfile so a fresh install cannot resolve to a compromised release:

npm install eslint-config-prettier@10.1.5

Caveat: npm writes a caret range (^10.1.5) by default, which still permits 10.1.6 and 10.1.7 if they are resolvable; pass --save-exact or edit package.json to the bare version so the pin is exact. Installing with lifecycle scripts disabled (npm's --ignore-scripts flag, or the ignore-scripts setting in .npmrc) stops the postinstall hook from running at all and is worth enabling on CI runners, with the trade-off that legitimate packages relying on postinstall steps will need them run separately.

🧯 If You Can't Patch

  • Immediately isolate affected Windows hosts from the network
  • Scan for malware and remove node-gyp.dll and the package's postinstall script if present; prefer rebuilding the host from a known-good image over cleaning it in place
  • Rotate every secret that was reachable from the host (npm and GitHub tokens, SSH keys, cloud and CI credentials, saved browser sessions), since credential theft is the likely outcome
  • Delete node_modules and purge the affected tarballs from the npm cache so a rebuild cannot reinstall the tampered package

🔍 How to Verify

Check if Vulnerable:

Search package-lock.json (or yarn.lock / pnpm-lock.yaml) and node_modules for the affected versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7. Checking package.json alone is not enough: a range such as ^10.1.0 resolves to whatever the lockfile or registry handed out, and the package is often pulled in transitively by other shared configs.

Check Version:

npm list eslint-config-prettier

This prints every installed copy, nested ones included, with its resolved version. On an installed copy, a node-gyp.dll file or a postinstall entry in node_modules/eslint-config-prettier/package.json is a direct indicator; clean releases ship neither.

Verify Fix Applied:

Run: npm list eslint-config-prettier and confirm that no listed copy is one of the affected versions, then re-run npm audit.

📡 Detection & Monitoring

Log Indicators:

  • npm, yarn or pnpm install logs (and CI build logs) resolving eslint-config-prettier to an affected version
  • Windows process-creation events (Security 4688, Sysmon Event ID 1) for rundll32.exe with node-gyp.dll on the command line, typically with node.exe as the parent and the DLL path inside a node_modules directory
  • A postinstall entry in eslint-config-prettier's package.json, which clean releases do not have

Network Indicators:

  • Unexpected outbound connections from rundll32.exe or node.exe on developer workstations and build agents shortly after a package install
  • DNS queries from those hosts to domains unrelated to the npm registry or the organization's tooling

SIEM Query:

Process creation where image is rundll32.exe AND (command_line contains 'node-gyp.dll' OR parent_image is node.exe OR command_line contains 'node_modules')

Matching on a parent process named 'npm' alone fires on every package install and misses the real chain: on Windows npm itself runs as node.exe, and lifecycle scripts run under a further node.exe, so the parent of the rundll32.exe launch is node.exe rather than a process called npm.

🔗 References

  • Vendor advisory: https://github.com/prettier/eslint-config-prettier/issues/339
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-54313
