Home > Vulnerability Database > CVE-2025-59038

Mend.io Vulnerability Database

CVE-2025-59038

Good to know:

Date: September 9, 2025

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fixes the issue. As a workaround, it is also possible to downgrade to 10.9.1.

Severity Score

8.8

Related Resources (10)

Url: https://github.com/advisories/GHSA-4hjx-fhh8-vr6j

Url: https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/

Url: https://github.com/prebid/Prebid.js

Url: https://github.com/advisories/GHSA-jwq7-6j4r-2f92

Url: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

Url: https://github.com/prebid/Prebid.js/security/advisories/GHSA-jwq7-6j4r-2f92

Url: https://github.com/prebid/Prebid.js/commit/72c7f184028f51ba15cdac744d56590b0f2b1f1e

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59038

Url: https://github.com/prebid/Prebid.js/releases/tag/10.10.0

Url: https://www.mend.io/vulnerability-database/CVE-2025-59038

Severity Score

8.8

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

Top Fix

Upgrade Version

Upgrade to version prebid.js - 10.10.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59038

Good to know:

Date: September 9, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?