CVE-2025-59141: Malware in simple-swizzle Node.js Package
Platform: nodejs
Component: simple-swizzle
Fixed in: 0.2.4
CVE-2025-59141 represents a critical security issue stemming from a malicious compromise of the simple-swizzle Node.js package. This compromise introduced malicious code directly into the package, resulting in a full system compromise for any system running the vulnerable version. Affected versions are those prior to 0.2.4. A fix has been released in version 0.2.4.
Impact and Attack Scenarios
The impact of CVE-2025-59141 is severe. The malicious code injected into the simple-swizzle package grants attackers complete control over the affected system. This includes the ability to access and exfiltrate sensitive data, install additional malware, and potentially pivot to other systems on the network. The description explicitly states that any computer with the compromised package installed should be considered fully compromised, emphasizing the critical nature of this vulnerability. The attacker effectively gains root access and can perform any action the user of the package can, and more.
Exploitation Context
This vulnerability was identified as part of a malware supply chain attack. It is listed in the GitHub Security Advisories and is considered a high-risk event. Public proof-of-concept code is not readily available, but the severity and nature of the compromise suggest that attackers may be actively exploiting this vulnerability. The vulnerability was published on 2025-09-08.
Threat Intelligence
EPSS: 0.09% (25% percentile)
Affected Software
Package Information
- Last updated: 0.2.4 (8 months ago)
Mitigation and Workarounds
The primary mitigation for CVE-2025-59141 is to immediately upgrade the simple-swizzle package to version 0.2.4 or higher. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily removing the package from your project. Crucially, regardless of whether you upgrade or remove the package, you must rotate all secrets and keys stored on the affected system from a clean, uncompromised machine. There are no WAF or proxy rules that can effectively mitigate this vulnerability as the malicious code is executed directly on the host system. Detection signatures are difficult to create without specific knowledge of the injected code, but monitoring for unusual process activity originating from the simple-swizzle package is recommended.
How to fix
Update to version 0.2.4 or higher. Completely remove the node_modules directory, clear your package manager's global cache, and rebuild any browser packages from scratch. If you operate private registries or registry mirrors, purge affected versions from any cache.
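To locate installs that still need the upgrade described above, the following added example (not code from the advisory or the simple-swizzle project) scans a parsed package-lock.json for simple-swizzle entries below 0.2.4, including nested copies pulled in transitively. The sample lockfile is constructed, and the layout assumed is npm's `packages` map (lockfileVersion 2/3) or `dependencies` tree (lockfileVersion 1).

```javascript
// Added example: flag simple-swizzle entries below the fixed version in a lockfile.
const PACKAGE = "simple-swizzle";
const FIXED = [0, 2, 4]; // "Fixed in 0.2.4" per this advisory

// Compare the numeric x.y.z core; pre-release/build suffixes are ignored.
function isBelowFixed(version) {
  const parts = String(version).split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false;
}

// Returns [{ path, version }] for every affected copy, nested ones included.
function findAffected(lock) {
  const hits = [];
  const check = (name, path, meta) => {
    if (name === PACKAGE && meta.version && isBelowFixed(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) check(path.split("node_modules/").pop(), path, meta);
    return hits;
  }
  const walk = (deps, prefix) => { // lockfileVersion 1: nested dependencies tree
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      check(name, path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/simple-swizzle": { version: "0.2.4" },
    "node_modules/color-string/node_modules/simple-swizzle": { version: "0.2.3" },
  },
};

// With a path argument, scan that lockfile; otherwise scan the sample.
const file = process.argv[2];
const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
for (const h of findAffected(lock)) console.log(`AFFECTED ${h.path} ${h.version}`);
```

A lockfile only shows what would be installed; copies already present in node_modules or in registry caches still need the purge steps above.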
Frequently asked questions
What is CVE-2025-59141 — Malware in simple-swizzle?
CVE-2025-59141 is a HIGH severity vulnerability where the simple-swizzle Node.js package was compromised with malicious code, leading to full system control.
Am I affected by CVE-2025-59141 in simple-swizzle?
You are affected if you are using simple-swizzle versions less than or equal to 0.2.3. Immediately check your project dependencies.
How do I fix CVE-2025-59141 in simple-swizzle?
Upgrade to simple-swizzle version 0.2.4 or higher. Also, rotate all secrets and keys on the affected system.
Is CVE-2025-59141 being actively exploited?
While public proof-of-concept code is not readily available, the severity and nature of the compromise suggest active exploitation is possible.
Where can I find the official simple-swizzle advisory for CVE-2025-59141?
Refer to the GitHub Security Advisories for details: [https://github.com/advisories/CVE-2025-59141](https://github.com/advisories/CVE-2025-59141)