vulnerability

eslint-config-prettier : CVE-2025-54313 : Prettier eslint-config-prettier Embedded Malicious Code Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jul 19, 2025	Apr 1, 2026	Apr 1, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jul 19, 2025

Added

Apr 1, 2026

Modified

Apr 1, 2026

Description

A high-severity supply chain vulnerability exists in several packages within the Prettier and ESLint ecosystem, most notably eslint-config-prettier.
Compromised versions of these packages contain a malicious post-install script that downloads and executes a Trojan (node-gyp.dll) on Windows systems.

Successful exploitation allows for full system compromise, data exfiltration, and persistent backdoors on the affected developer or build environment.

Solution

eslint-config-prettier-cve-2025-54313

References

CVE-2025-54313
https://attackerkb.com/topics/CVE-2025-54313
https://nvd.nist.gov/vuln/detail/CVE-2025-54313

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today