Platform: nodejs
Component: simple-swizzle
Fixed in: 0.2.4
CVE-2025-59141 is a critical security issue stemming from a malicious compromise of the simple-swizzle Node.js package. Malicious code was inserted directly into the published package, so any system running an affected version is fully compromised. Affected versions are those prior to 0.2.4; the fix was released in version 0.2.4.
The impact of CVE-2025-59141 is severe. The malicious code injected into the simple-swizzle package grants attackers complete control over the affected system, including the ability to access and exfiltrate sensitive data, install additional malware, and potentially pivot to other systems on the network. The advisory description explicitly states that any computer with the compromised package installed should be considered fully compromised, which underlines the critical nature of this vulnerability. The attacker effectively gains root-level control and can perform any action the user running the package can, and more.
This vulnerability was identified as part of a malware supply chain attack. It is listed in the GitHub Security Advisories and is considered a high-risk event. Public proof-of-concept code is not readily available, but the severity and nature of the compromise suggest that attackers may already be exploiting it. The vulnerability was published on 2025-09-08.
Exploit Status
EPSS: 0.09% (25th percentile)
CISA SSVC
The primary mitigation for CVE-2025-59141 is to upgrade the simple-swizzle package to version 0.2.4 or higher immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider temporarily removing the package from your project. Crucially, whether you upgrade or remove the package, you must rotate all secrets and keys stored on the affected system, and do so from a clean, uncompromised machine. No WAF or proxy rule can effectively mitigate this vulnerability, because the malicious code executes directly on the host system. Detection signatures are difficult to write without specific knowledge of the injected code, but monitoring for unusual process activity originating from the simple-swizzle package is recommended.
Update to version 0.2.4 or higher. Completely remove the node_modules directory, clear your package manager's global cache, and rebuild any browser packages from scratch. If you operate private registries or registry mirrors, purge affected versions from any cache.
CVE-2025-59141 is a HIGH severity vulnerability in which the simple-swizzle Node.js package was compromised with malicious code, leading to full system control.
You are affected if you use simple-swizzle versions less than or equal to 0.2.3. Check your project dependencies immediately.
Upgrade to simple-swizzle version 0.2.4 or higher. Also, rotate all secrets and keys on the affected system.
While public proof-of-concept code is not readily available, the severity and nature of the compromise suggest active exploitation is possible.
Refer to the GitHub Security Advisories for details: [https://github.com/advisories/CVE-2025-59141](https://github.com/advisories/CVE-2025-59141)