icon

We found results for “

MSC-2025-5255

Date: April 22, 2025

This package has been identified by Mend as containing potential malicious functionality. This package was compromised, and this version contains a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets. Please remove the compromised package from your project and replace with either the last safe version, which is 4.2.0, or upgrade to the highest safe version, which is 4.2.5

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): HIGH

Do you need more information?

Contact Us