
CVE-2025-54313: CWE-506 Embedded Malicious Code in prettier eslint-config-prettier

Severity: High
Tags: Vulnerability, CVE-2025-54313, CWE-506
Published: Sat Jul 19 2025 (07/19/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: prettier
Product: eslint-config-prettier

Description

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

AI-Powered Analysis

AI analysis last updated: 07/19/2025, 17:16:10 UTC

Technical Analysis

CVE-2025-54313 is a high-severity supply chain vulnerability affecting multiple versions of the npm package eslint-config-prettier, specifically versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7. This package is widely used in JavaScript and TypeScript development environments to disable ESLint rules that conflict with Prettier formatting. The vulnerability consists of malicious code embedded in the published package and run during installation: when an affected version is installed, it executes an install.js script that launches a malicious payload named node-gyp.dll on Windows systems. This DLL is malware that could compromise the host system. The vulnerability is classified under CWE-506 (embedded malicious code), meaning the malicious payload is hidden within an otherwise legitimate software component, which makes detection and prevention challenging.

The CVSS v3.1 score of 7.5 reflects a high severity, with network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C). The impact on confidentiality is low, integrity impact is high, and availability is not affected. Although no known exploits are reported in the wild yet, the potential for supply chain compromise is significant because developers and organizations frequently rely on this package in their build and CI/CD pipelines. Because the malicious code runs at installation time, any Windows system that installs one of these versions is at risk of infection, potentially leading to unauthorized code execution, data integrity compromise, and further malware propagation within development environments.

Potential Impact

For European organizations, this vulnerability poses a substantial risk due to the widespread use of JavaScript tooling and npm packages in software development across industries such as finance, telecommunications, automotive, and government sectors. The supply chain nature of the attack means that even organizations with strong perimeter defenses can be compromised if their development environments or CI/CD pipelines incorporate the affected package versions. The execution of node-gyp.dll malware on Windows systems can lead to unauthorized code execution, potentially allowing attackers to manipulate source code, inject backdoors, or exfiltrate sensitive intellectual property. This could disrupt software integrity, delay product releases, and damage organizational reputation. Furthermore, organizations with strict compliance requirements (e.g., GDPR) may face regulatory consequences if the breach leads to data exposure or loss of control over software assets. The lack of required privileges and user interaction for exploitation increases the risk of widespread infection in development environments, especially in multinational companies with distributed teams relying on shared package repositories.

Mitigation Recommendations

European organizations should immediately audit their software supply chains to identify any usage of eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7. They should replace these versions with either earlier unaffected versions or wait for a patched release from the vendor. Until a patch is available, organizations can implement the following specific mitigations:

1) Enforce strict package integrity verification using npm's package-lock.json and checksum validation to detect tampered packages.
2) Use tools like npm audit and supply chain security scanners to detect malicious code in dependencies.
3) Restrict Windows development environments from executing untrusted DLLs by applying application whitelisting and endpoint protection policies.
4) Isolate build and CI/CD environments to limit the blast radius of potential infections.
5) Monitor network traffic and endpoint logs for suspicious activity related to node-gyp.dll or unusual install.js executions.
6) Educate developers about the risks of supply chain attacks and encourage the use of vetted package registries or private mirrors.
7) Implement multi-factor authentication and least privilege principles for access to development infrastructure to reduce the risk of lateral movement if compromise occurs.
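As an added illustration of the audit and lockfile checks recommended above (example code written for this page, not tooling from the advisory or the prettier project), the following Node script walks a package-lock.json, flags the eslint-config-prettier versions listed in this CVE wherever they appear in the dependency tree, and separately reports any entry that npm has marked with hasInstallScript, since the compromise here relies on an install.js hook. The sample lockfile is constructed inline.

```javascript
// Added example (not from the advisory or the prettier project): audit a
// package-lock.json for the eslint-config-prettier versions named in
// CVE-2025-54313 and for entries that npm marks as carrying install scripts.
// Handles lockfileVersion 1 ("dependencies" tree) and 2/3 ("packages" map).
const AFFECTED = {
  "eslint-config-prettier": new Set(["8.10.1", "9.1.1", "10.1.6", "10.1.7"]),
};

// Yield { name, version, hasInstallScript } for every package in the lockfile.
function* lockEntries(lock) {
  if (lock.packages) {
    // v2/v3: keys look like "node_modules/foo" or
    // "node_modules/a/node_modules/@scope/foo"; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      yield { name, version: meta.version, hasInstallScript: !!meta.hasInstallScript };
    }
    return;
  }
  // v1 lockfiles do not record install scripts, so only versions can be checked.
  function* walkV1(deps) {
    for (const [name, meta] of Object.entries(deps || {})) {
      yield { name, version: meta.version, hasInstallScript: false };
      yield* walkV1(meta.dependencies);
    }
  }
  yield* walkV1(lock.dependencies);
}

// Return a list of findings; an affected version is reported as such even
// when it also has an install script.
function auditLockfile(lock) {
  const findings = [];
  for (const e of lockEntries(lock)) {
    const bad = AFFECTED[e.name];
    if (bad && bad.has(e.version)) findings.push({ ...e, reason: "version listed in CVE-2025-54313" });
    else if (e.hasInstallScript) findings.push({ ...e, reason: "package declares an install script" });
  }
  return findings;
}

// Constructed sample lockfile: a clean top-level copy, an affected copy nested
// under another dependency, and an unrelated package with an install hook.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier": { version: "10.1.5" },
    "node_modules/some-tool/node_modules/eslint-config-prettier": { version: "10.1.7", hasInstallScript: true },
    "node_modules/esbuild": { version: "0.21.0", hasInstallScript: true },
  },
};
for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.name}@${f.version}: ${f.reason}`);
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync("package-lock.json", "utf8")); the install-script findings are a review queue, not proof of compromise, since many legitimate native packages declare one.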


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-07-19T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 687bcf55a83201eaacfe3cce

Added to database: 7/19/2025, 5:01:09 PM

Last enriched: 7/19/2025, 5:16:10 PM

Last updated: 7/19/2025, 5:16:10 PM
