CVE-2025-54313
Description
Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
CISA KEV
- Vendor
- Prettier
- Product
- eslint-config-prettier
- Due date
- 2026-02-12
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions ; https://github.com/prettier/eslint-config-prettier/issues/339#issuecomment-3090304490 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54313
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-54313.html
Exploits
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | eslint-config-prettier | >=8.10.1,<8.10.2 | 8.10.2 |
| npm | eslint-config-prettier | >=9.1.1,<9.1.2 | 9.1.2 |
| npm | eslint-config-prettier | >=10.1.6,<10.1.8 | 10.1.8 |
| npm | eslint-plugin-prettier | >=4.2.2,<4.2.4 | 4.2.4 |
| npm | synckit | >=0.11.9,<0.11.10 | 0.11.10 |
| npm | @pkgr/core | >=0.2.8,<0.2.9 | 0.2.9 |
| npm | napi-postinstall | >=0.3.1,<0.3.2 | 0.3.2 |
| npm | got-fetch | >=5.1.11,<6.0.0 | 6.0.0 |
References
- https://www.suse.com/security/cve/CVE-2025-54313.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-54313
- https://github.com/prettier/eslint-config-prettier/issues/339
- https://github.com/prettier/eslint-config-prettier/commit/9b0b0a47ec28a7a83cf65e8436a8776910379385
- https://github.com/prettier/eslint-plugin-prettier/commit/ec39dd4400f10c52d10cd991c10fa8de51ceb854
- https://github.com/un-ts/napi-postinstall/commit/38b4e95cf554e2549b9e1e2c4ff6bff4da9a65f9
- https://github.com/un-ts/pkgr/commit/e1420c99e44d8a2ae949381f9fbe1af5ba9cb1dd
- https://github.com/un-ts/synckit/commit/8f2ee32d4f75736a1c8d7e1101190a71e48909e4
- https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise
- https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions
- https://www.endorlabs.com/learn/cve-2025-54313-eslint-config-prettier-compromise----high-severity-but-windows-only
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54313
- https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware
- https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise
- https://secure.software/npm/packages/got-fetch
- https://news.ycombinator.com/item?id=44609732
- https://news.ycombinator.com/item?id=44608811
- https://github.com/prettier/eslint-config-prettier
- https://github.com/community-scripts/ProxmoxVE/discussions/6115
- https://checkmarx.com/zero-post/supply-chain-phishing-campaign-drops-more-malware-into-npm-got-fetch-5-1
- This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions ; https://github.com/prettier/eslint-config-prettier/issues/339#issuecomment-3090304490 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54313
Verify integrity in audit chain (admin only). AS-IS.