PT-2025-37748 · Metamask+1 · Metamask+1
Informatic
·
Published
2025-09-08
·
Updated
2025-09-30
·
CVE-2025-59330
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red |
Name of the Vulnerable Software and Affected Versions
error-ex versions prior to 1.3.4
Description
The error-ex npm package was compromised through a phishing attack resulting in the publication of version 1.3.3 containing a malware payload. This malware targets cryptocurrency transactions and wallets, such as MetaMask, within browser environments. Local, server, and command line environments are not affected. The malicious package was removed from the npm registry on September 8, 2025. The attacker attempted to redirect cryptocurrency transactions to their own addresses. Approximately an unknown number of devices using the compromised package in a browser context may have been affected.
Recommendations
Update to version 1.3.4.
Completely remove the node modules directory.
Clean the package manager's global cache.
Rebuild any browser bundles from scratch.
Purge the offending versions from any caches if operating private registries or registry mirrors.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Metamask
Error-Ex