PT-2025-37743 · Npm · Simple-Swizzle
Informatic
·
Published
2025-09-08
·
Updated
2025-09-20
·
CVE-2025-59141
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red |
Name of the Vulnerable Software and Affected Versions
simple-swizzle version 0.2.3
simple-swizzle versions prior to 0.2.4
Description
The npm publishing account for simple-swizzle was compromised following a phishing attack. Version 0.2.3 was published with a malware payload designed to redirect cryptocurrency transactions within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask.
Recommendations
Update to version 0.2.4.
Completely remove the
node modules directory.
Clean the package manager's global cache.
Rebuild any browser bundles from scratch.
Purge the compromised versions from any private registries or registry mirrors.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simple-Swizzle