External risk intelligence

eslint-config-prettier Supply Chain Compromise

CVE advisoryKnown Exploit

CVE-2025-54313

Certain development tools contain malicious code. When installed, this code can deploy malware on Windows systems, posing a supply chain risk to organizations.

1Halo Surface Signal

Prettier Eslint Config Prettier

8.10.19.1.110.1.610.1.74.2.24.2.30.11.90.2.85.1.15.1.20.3.11.29.0 to before 1.30.0

External exposure likelihood

Halo Surface Signal score for CVE-2025-54313

This vulnerability affects developer tooling and software development dependencies (npm packages) used during the installation or build process. It is not a network-reachable service, web application, or public-facing gateway, but rather a supply chain risk triggered locally on a developer's workstation or within a build pipeline.

Horizon Alert

Summary of the vulnerability and why it matters

Certain versions of `eslint-config-prettier`, a tool used in software development, were compromised with malicious code. This code could execute during the installation process, potentially leading to the deployment of malware on Windows systems. The compromise highlights a supply chain risk where trusted software components can be altered to distribute harmful code.

Vulnerable development tooling
Embedded malicious installation script
Malware deployment on Windows systems

Attack Path

How an attacker could exploit the issue

The attack involves the compromise of software supply chains through malicious code embedded in certain npm packages. When an affected package is installed, it executes a script that launches malware on Windows systems. This compromise impacts organizations relying on these development tools, potentially leading to unauthorized control and data compromise through the execution of malicious code.

Affected packages exposed externally.
Attacker injects malicious code.
Installation triggers malware execution.
Attacker gains system control.

Live Threat

Current exploitation, exposure, and threat context

The discovered malicious code within `eslint-config-prettier` and related packages poses a significant risk through supply chain compromise. Attackers can embed malicious scripts that execute when an affected package is installed, leading to the deployment of malware on Windows systems. This type of attack targets the development process itself, potentially impacting organizations that rely on these tools for code quality and linting.

Likely attacker skill level: Moderate.
Required access or conditions: Installation of compromised package.
Business risk or urgency: High; urgent action recommended.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability involves malicious code embedded within specific versions of the `eslint-config-prettier` package, posing a supply chain risk. When an affected package is installed, it can execute malicious code that launches malware on Windows systems. Organizations should prioritize identifying and addressing the presence of these compromised packages within their development environments and software supply chains.

Identify affected assets and code repositories.
Isolate or remove compromised dependencies.
Remediate, verify, and monitor.

Frequently asked questions

What is eslint-config-prettier and why is it used in software development?

eslint-config-prettier is a configuration package that integrates the Prettier code formatter with ESLint. It ensures that code automatically adheres to a defined style guide, promoting code quality and consistency in development projects.

How does CVE-2025-54313 exploit the eslint-config-prettier package?

CVE-2025-54313 represents a supply chain compromise where malicious code was inserted into specific versions of eslint-config-prettier. When these packages are installed, a malicious install.js file executes, launching node-gyp.dll malware on Windows systems.

What is the weakness class associated with CVE-2025-54313?

The primary weakness class associated with CVE-2025-54313 is CWE-506, which relates to the use of embedded malicious code. This indicates that the vulnerability stems from the deliberate inclusion of harmful code within the software supply chain.

What is the relevance of CVE-2025-54313 to organizations?

This vulnerability is highly relevant as it affects developer tooling and poses a supply chain risk. The compromise of eslint-config-prettier and related packages can lead to malware deployment on Windows systems, impacting the integrity of development pipelines and potentially leading to unauthorized system control. The CISA has included this vulnerability on its Known Exploited Vulnerabilities catalog.

What practical steps should organizations take in response to this compromise?

Organizations should urgently identify and remove affected versions of eslint-config-prettier and related packages from their development environments and software supply chains. Remediating compromised dependencies, verifying the integrity of installed code, and implementing continuous monitoring are crucial steps to mitigate the risk.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.