CVE-2025-59039
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
Description
Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should see Prebid.js 9 release notes for suggestions on moving off the deprecated workflow of using the PUC or pointing to a dynamic version of it. PUC users pointing to latest should transition to 1.17.2 as soon as possible to avoid similar attacks in the future.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ansi-styles | ansi-styles | 6.2.2 |
| color-convert | color-convert | 3.1.1 |
| supports-color | supports-color | 10.2.1 |
| prebid | prebid-universal-creative | * |
| color-string | color-string | 2.1.1 |
| proto-tinker-wc | proto-tinker-wc | 0.1.87 |
| wrap-ansi | wrap-ansi | 9.0.1 |
| ansi-regex | ansi-regex | 6.2.1 |
| strip-ansi | strip-ansi | 7.1.1 |
| color | color | 5.0.1 |
| supports-hyperlinks | supports-hyperlinks | 4.1.1 |
| prebid | prebid-universal-creative | 1.17.3 |
| prebid | prebid.js | 10.9.2 |
| is-arrayish | is-arrayish | 0.3.3 |
| duckdb | duckdb | 1.3.3 |
| prebid | prebid | 10.9.2 |
| simple-swizzle | simple-swizzle | 0.2.3 |
| error-ex | error-ex | 1.3.3 |
| chalk | chalk | 5.6.1 |
| has-ansi | has-ansi | 6.0.1 |
| debug | debug | 4.4.2 |
| color-name | color-name | 2.0.1 |
| slice-ansi | slice-ansi | 7.1.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-506 | The product contains code that appears to be malicious in nature. |
