SCA: security update for xrpl (GHSA-33qr-m49q-rxfx)

critical Tenable Cloud Security Plugin ID 425751

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser.
Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed
to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to
exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should
stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js
should pgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about
whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to
secure wallets, and/or rotating keys. If any account's master key is potentially compromised, disable the
key. (CVE-2025-32965)

See Also

https://github.com/advisories/GHSA-33qr-m49q-rxfx

Plugin Details

Severity: Critical

ID: 425751

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 4/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.39

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2025-32965

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/22/2025

Vulnerability Publication Date: 4/22/2025

Reference Information

CVE: CVE-2025-32965

cwe: CWE-506