PT-2025-36995 · Prebid.Js · Prebid.Js
Patmmccann · Published 2025-09-09 · Updated 2025-09-11 · CVE-2025-59038
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Prebid.js versions prior to 10.10.0
Prebid.js version 10.9.2
Description:
Prebid.js is a free and open source library used by publishers to implement header bidding. NPM users of version 10.9.2 may have been compromised by a malware campaign that attempts to redirect cryptocurrency transactions on the site to the attackers' wallet.
Recommendations:
Upgrade to Prebid.js version 10.10.0.
Downgrade to Prebid.js version 10.9.1.
Exploit
Fix
RCE
Affected Products
Prebid.Js