Listen to this Post
The CVE-2025-XXXXX vulnerability stems from a compromised npm publisher account for the simple-swizzle package. An attacker gained access via a phishing campaign and published a malicious version (0.2.3). This version contained obfuscated JavaScript code that was functionally identical to the legitimate package but included an additional payload. The malicious payload was designed to activate exclusively in browser environments. It operated by hooking into the Web3 JavaScript API, specifically intercepting and modifying transaction requests from wallets like MetaMask. The code would silently replace the recipient’s cryptocurrency wallet address in a transaction with one controlled by the attacker, thereby redirecting funds without the user’s knowledge. Server-side and CLI environments were unaffected as the malicious code was conditionally executed only within a browser’s `window` context.
Platform: npm
Version: 0.2.3
Vulnerability: Supply Chain
Severity: Critical
date: 2025-09-08
Prediction: Patch released (2025-09-13)
What Undercode Say:
`npm cache clean –force`
`rm -rf node_modules/`
`npm install [email protected]`
How Exploit:
`curl -s https://registry.npmjs.org/simple-swizzle/0.2.3 | grep “walletAddress”`
Protection from this CVE
Update to version 0.2.4. Purge npm cache and node_modules. Rebuild all browser bundles from source. Audit private registry caches.
Impact:
Browser-based cryptocurrency theft. Client-side fund diversion.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

