PT-2025-37743 · Npm · Simple-Swizzle
Informatic · Published 2025-09-08 · Updated 2025-09-20 · CVE-2025-59141
CVSS v4.0: 8.8 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red |
Name of the Vulnerable Software and Affected Versions
simple-swizzle version 0.2.3
simple-swizzle versions prior to 0.2.4
Description
The npm publishing account for simple-swizzle was compromised following a phishing attack. Version 0.2.3 was published with a malware payload designed to redirect cryptocurrency transactions within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask.
Recommendations
Update to version 0.2.4.
Completely remove the node_modules directory.
Clean the package manager's global cache.
Rebuild any browser bundles from scratch.
Purge the compromised versions from any private registries or registry mirrors.
Exploit
Fix
RCE
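A lockfile check for the malicious release named in the description above, as an added example that is not part of the original advisory. The sample lockfile and the names `demo-app` and `legacy-ui` are constructed; only version 0.2.3 is flagged because that is the version the description identifies as carrying the payload.

```javascript
// Added example: find locked copies of the compromised simple-swizzle release
// in a parsed package-lock.json (lockfileVersion 1, 2 or 3).
const PACKAGE = "simple-swizzle";
const BAD_VERSIONS = new Set(["0.2.3"]); // malicious version named in this advisory

// Returns [{ path, version }] for every locked copy of a bad release.
function findCompromised(lockfile) {
  const lock = typeof lockfile === "string" ? JSON.parse(lockfile) : lockfile;
  const hits = [];
  const check = (name, path, meta) => {
    if (name === PACKAGE && meta && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  };

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path,
  // e.g. "node_modules/a/node_modules/simple-swizzle" for a nested copy.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    check(path.split("node_modules/").pop(), path, meta);
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, so a v2 lockfile (which carries both) is not counted twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      check(name, path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: one compromised top-level copy, one fixed nested copy.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/simple-swizzle": { version: "0.2.3" },
    "node_modules/legacy-ui/node_modules/simple-swizzle": { version: "0.2.4" },
  },
};

console.log(findCompromised(SAMPLE_LOCK));
```

A non-empty result means the project resolved the compromised version and the recommendations above apply, including rebuilding any browser bundles produced while it was installed.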
Weakness Enumeration
Related identifiers
Affected products
Simple-Swizzle