CVE-2025-59038
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-11

Assigner: GitHub, Inc.

Description
Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fixes the issue. As a workaround, it is also possible to downgrade to 10.9.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-11
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59038
EUVD
EUVD-2025-27596
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
prebid prebid-universal-creative 1.17.3
prebid proto-tinker-wc 0.1.87
prebid prebid.js 10.9.2
prebid prebid 10.10.0
prebid prebid.js 10.10.0
duckdb duckdb 1.3.3
prebid prebid 10.9.2
debug debug 4.4.2
chalk chalk 5.6.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-506 The product contains code that appears to be malicious in nature.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a malware campaign that briefly compromised NPM users of prebid.js version 10.9.2. The malicious code attempts to redirect cryptocurrency transactions on the affected sites to the attackers' wallet. The issue is fixed in version 10.10.0, and as a workaround, users can downgrade to version 10.9.1.

Impact Analysis

If you use prebid.js version 10.9.2, this vulnerability could result in your site's cryptocurrency transactions being redirected to an attacker's wallet, potentially causing financial loss and compromising transaction integrity.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade Prebid.js to version 10.10.0. As a temporary workaround, you can downgrade to version 10.9.1 to avoid the compromised 10.9.2 version.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59038. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart