CVE-2025-54313: CWE-506 Embedded Malicious Code in prettier eslint-config-prettier
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
AI Analysis
Technical Summary
CVE-2025-54313 is a supply chain vulnerability classified under CWE-506 (Embedded Malicious Code) that affects the eslint-config-prettier package versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7. eslint-config-prettier is a popular configuration package used to disable ESLint rules that conflict with Prettier formatting, widely adopted in JavaScript and TypeScript development. The malicious code is embedded within the package's installation script (install.js), which executes automatically upon installation. On Windows platforms, this script launches a malware payload named node-gyp.dll, which is likely a malicious dynamic link library designed to compromise system integrity. The attack vector requires no privileges or user interaction beyond installing the compromised package, making it a critical supply chain risk. The CVSS 3.1 score of 7.5 indicates a network attack vector with high impact on integrity and low impact on confidentiality, no impact on availability, and high attack complexity. The vulnerability's scope is broad given the widespread use of eslint-config-prettier in development environments globally. Although no active exploits have been reported, the presence of embedded malware in a trusted package poses significant risk to software supply chains and downstream consumers. The lack of available patches at the time of disclosure necessitates urgent remediation and monitoring.
Potential Impact
The primary impact of CVE-2025-54313 is the compromise of software supply chains through trusted development dependencies. Organizations that use the affected versions of eslint-config-prettier risk executing malicious code during package installation, potentially leading to unauthorized code execution and integrity breaches in development and build environments. This can result in the injection of backdoors, data tampering, or further malware deployment within corporate networks. The malware payload node-gyp.dll could facilitate persistence, lateral movement, or data exfiltration on Windows systems. Since eslint-config-prettier is commonly used in continuous integration and deployment pipelines, compromised build environments can propagate malicious code into production software, affecting end users and customers. The vulnerability can undermine trust in open-source ecosystems and cause significant operational disruption, intellectual property theft, and reputational damage. Although no availability impact is indicated, the integrity and confidentiality risks are substantial, especially for organizations with large JavaScript/TypeScript codebases and automated build processes.
Mitigation Recommendations
1. Immediately audit all development and CI/CD environments for installations of eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7.
2. Remove or replace affected package versions with known clean versions once available; if no patched versions exist, temporarily remove eslint-config-prettier from the dependency tree or use alternative formatting configurations.
3. Conduct thorough endpoint and build environment scans for the presence of node-gyp.dll and other suspicious artifacts, especially on Windows systems.
4. Implement strict supply chain security measures such as verifying package integrity via checksums or signatures before installation.
5. Employ network segmentation and least privilege principles in build environments to limit malware impact.
6. Monitor for unusual network or process activity originating from development machines and build servers.
7. Educate developers and DevOps teams about supply chain risks and encourage use of tools that detect malicious package behavior.
8. Maintain up-to-date backups of critical build and source code repositories to enable recovery if compromise is detected.
9. Engage with package maintainers and security communities for updates and patches.
10. Consider adopting reproducible builds and dependency whitelisting to reduce exposure to malicious packages.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, India, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-07-19T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 687bcf55a83201eaacfe3cce
Added to database: 7/19/2025, 5:01:09 PM
Last enriched: 2/27/2026, 3:38:14 AM
Last updated: 3/23/2026, 7:52:08 PM