Home > Vulnerability Database > MSC-2025-5258

Mend.io Vulnerability Database

MSC-2025-5258

Date: April 22, 2025

This package has been identified by Mend as containing potential malicious functionality. This package was compromised, and this version contains a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets. Please remove the compromised package from your project and replace with either the last safe version, which is 4.2.0, or upgrade to the highest safe version, which is 4.2.5

Language: JS

Severity Score

8.6

Related Resources (3)

Url: https://www.bleepingcomputer.com/news/security/ripples-recommended-xrp-library-xrpljs-hacked-to-steal-wallets/

Url: https://my.diffend.io/npm/xrpl/prev/4.2.2

Url: https://www.mend.io/vulnerability-database/MSC-2025-5258

Severity Score

8.6

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

MSC-2025-5258

Date: April 22, 2025

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?