QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59038

Published: Sep 9, 2025

Modified: Sep 10, 2025

PUBLISHED

Description

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fixes the issue. As a workaround, it is also possible to downgrade to 10.9.1.

Vendor	Product	Versions
prebid	Prebid.js	affected `= 10.9.2`

Weaknesses (CWE)

References

https://github.com/prebid/Prebid.js/security/advisories/GHSA-jwq7-6j4r-2f92

x_refsource_CONFIRM

https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.