CVE-2025-32965

Name of the Vulnerable Software and Affected Versions xrpl.js versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4 xrpl.js versions prior to 4.2.5 and 2.14.3

Description xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. The affected versions of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Users who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. To secure funds, users should think carefully about whether any keys may have been compromised by this supply chain attack and mitigate by sending funds to secure wallets and/or rotating keys. If any account's master key is potentially compromised, it should be disabled.

Recommendations For versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4, update to version 4.2.5 or 2.14.3 to receive a patch. For all affected versions, rotate any private keys or secrets used with affected systems. Consider sending funds to secure wallets and/or rotating keys to mitigate the risk of exploitation. If any account's master key is potentially compromised, disable the key.