CVE-2025-59038

Vulnerability Description

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fixes the issue. As a workaround, it is also possible to downgrade to 10.9.1.

Related Weaknesses (CWE)

CWE-506

References

https://github.com/prebid/Prebid.js/security/advisories/GHSA-jwq7-6j4r-2f92
https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-suppl

FAQ

What is CVE-2025-59038?

CVE-2025-59038 is a documented vulnerability. Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code a...

How severe is CVE-2025-59038?

CVSS scoring is not yet available for CVE-2025-59038. Check NVD for updates.

Is there a patch for CVE-2025-59038?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.