12 matches found
EUVD-2025-12259
Malicious code in bioql PyPI...
Private Key Exfiltration
xrpl.js is vulnerable to Private Key Exfiltration. The vulnerability is due to malicious code injection due to compromised package versions designed to steal private keys...
CVE-2025-32965
xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely t...
Exploit for CVE-2025-32965
This is a PoC exploit for CVE-2025-32965, a supply chain attack...
Exploit for CVE-2025-32965
It is an exploit module for CVE-2025-32965, a supply chain attac...
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package:...
CVE-2025-32965
xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely t...
CVE-2025-32965 Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely t...
CVE-2025-32965 Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely t...
CVE-2025-32965
CVE-2025-32965 affects xrpl.js, a JavaScript/TypeScript API for the XRP Ledger. Versions 4.2.1–4.2.4 and 2.14.2 are compromised, containing malicious code designed to exfiltrate private keys. The High-risk impact includes potential key exposure and compromised confidentiality and integrity of aff...
GHSA-33QR-M49Q-RXFX Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. Version 2.14.2 is also malicious...
xrpl.js 安全漏洞
xrpl.js is an open source library from XRP Ledger. A security vulnerability exists in xrpl.js versions prior to 4.2.5, which stems from the inclusion of malicious code that could lead to private key disclosure...