Multiple Node.js Modules compromised in supply chain attack to steal crypto (08/09/2025)

Nessus Plugin ID 265444 (Severity: High)

Synopsis

The remote host has a compromised Node.js module installed.

Description

The remote host has a version of one or more Node.js modules installed that is known to be compromised in a supply chain attack. The following Node.js modules are known to be affected: 'backslash', 'chalk', 'debug', 'chalk-template', 'supports-hyperlinks', 'has-ansi', 'simple-swizzle', 'color-string', 'error-ex', 'color-name', 'is-arrayish', 'slice-ansi', 'color-convert', 'wrap-ansi', 'ansi-regex', 'supports-color', 'strip-ansi', 'ansi-styles'. A malicious update to these modules introduced crypto-stealing behavior that monitors, intercepts and hijacks network traffic in the web browser.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update each affected Node.js module to a version higher than its known compromised version(s).
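The plugin relies on enumerated module names and self-reported versions, so the equivalent local check is to list every installed copy of the named modules (including nested copies under another package's node_modules) and compare each version against the advisories linked below. The following script is an added illustration of that check and is not the Nessus plugin's own code; the package-lock.json content and the version strings in it are constructed, and the compromised-version map is a placeholder to be filled from the linked GHSA entries, not real data.

```javascript
// Added example: find installed copies of the advisory's module list in a
// package-lock.json (lockfileVersion 2/3 "packages" layout) and flag those
// whose version matches a caller-supplied list of compromised versions.

// Module names exactly as given in the advisory description.
const AFFECTED_MODULES = new Set([
  'backslash', 'chalk', 'debug', 'chalk-template', 'supports-hyperlinks',
  'has-ansi', 'simple-swizzle', 'color-string', 'error-ex', 'color-name',
  'is-arrayish', 'slice-ansi', 'color-convert', 'wrap-ansi', 'ansi-regex',
  'supports-color', 'strip-ansi', 'ansi-styles',
]);

// The package name is everything after the last "node_modules/" segment,
// which handles nested installs and scoped packages ("@scope/name").
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  if (idx === -1) return null; // the "" root entry describes the project itself
  return lockPath.slice(idx + marker.length);
}

// Return every installed copy of an affected module: name, version, lock path.
function findAffectedPackages(lock) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [lockPath, meta] of Object.entries(packages)) {
    const name = packageNameFromPath(lockPath);
    if (name !== null && AFFECTED_MODULES.has(name)) {
      hits.push({ name, version: meta.version, path: lockPath });
    }
  }
  return hits.sort((a, b) => a.path.localeCompare(b.path));
}

// Keep only the hits whose exact version is listed as compromised.
// compromisedVersions maps module name -> array of compromised version strings
// and must be filled from the advisories; it is not known from this page.
function flagCompromised(hits, compromisedVersions) {
  return hits.filter((h) => (compromisedVersions[h.name] || []).includes(h.version));
}

// Constructed sample lockfile (versions are placeholders, not real releases).
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/chalk': { version: '0.0.0-placeholder' },
    'node_modules/express': { version: '0.0.0-unrelated' },
    'node_modules/some-tool/node_modules/debug': { version: '0.0.0-placeholder' },
    'node_modules/ansi-styles': { version: '0.0.0-clean' },
  },
};

// Placeholder map standing in for the compromised versions from the GHSA links.
const PLACEHOLDER_COMPROMISED = {
  chalk: ['0.0.0-placeholder'],
  debug: ['0.0.0-placeholder'],
};

function report(lock, compromisedVersions) {
  const hits = findAffectedPackages(lock);
  const flagged = flagCompromised(hits, compromisedVersions);
  return {
    installedAffectedModules: hits.length,
    compromisedCopies: flagged.map((h) => `${h.path}@${h.version}`),
  };
}

console.log(report(SAMPLE_LOCK, PLACEHOLDER_COMPROMISED));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and populate the compromised-version map from the linked advisories; every hit, flagged or not, is worth reviewing, because a module can appear several times at different versions in one dependency tree.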

See Also

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

https://github.com/advisories/GHSA-frh7-2f84-v9mw

https://github.com/advisories/GHSA-6jp5-hh4c-8c5h

https://github.com/advisories/GHSA-pxx3-g568-hxr4

https://github.com/advisories/GHSA-5fvm-p68v-5wmh

https://github.com/advisories/GHSA-4x49-vf9v-38px

https://github.com/advisories/GHSA-qrmh-qg46-72pp

https://github.com/advisories/GHSA-286p-vc9p-p5qv

https://github.com/advisories/GHSA-9g9j-rggx-7fmg

https://github.com/advisories/GHSA-53mq-f4w3-f7qv

Plugin Details

Severity: High

ID: 265444

File Name: npm_supply_chain_attack_08-09-2025.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 9/19/2025

Updated: 9/19/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.2

CVSS v4

Risk Factor: High

Base Score: 8.8

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-59330

Vulnerability Information

CPE: cpe:/a:nodejs:node.js

Required KB Items: Host/nodejs/modules/enumerated

Patch Publication Date: 9/8/2025

Vulnerability Publication Date: 9/8/2025

Reference Information

CVE: CVE-2025-59140, CVE-2025-59141, CVE-2025-59142, CVE-2025-59143, CVE-2025-59144, CVE-2025-59145, CVE-2025-59162, CVE-2025-59330, CVE-2025-59331