Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-004193

sonatype-2025-004193

Malicious Packages - Fri Oct 17 2025 [Dropper] [Lazarus]

Published Oct 17, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48780.json

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	auto-es6-ext	0.10.38
npm	auto-regex	4.1.6
npm	bootstrap-flexgrid	1.9.15
npm	bootstrap-setcolor	1.9.15
npm	bootstrap-setcolor	1.9.16
npm	bootstrap-setcolors	1.9.16
npm	bootstrap-setflexcolor	1.9.15
npm	checking-ip	1.0.0
npm	checking-ips	1.0.0
npm	cli-color-ext	4.3.9
npm	common-js-support	1.0.0
npm	filigrean-icon	1.0.0
npm	filigren-icon	1.0.0
npm	filigron-icon	1.0.0
npm	filiogrean-icon	3.23.8
npm	flutchi-log	1.0.0
npm	glowmotion	1.9.7
npm	gridmancer	2.7.4
npm	icon-sea	1.1.9
npm	ip-checkers	1.0.0
npm	ip-checking	1.0.0
npm	ip-checks	1.0.0
npm	item-box	1.0.19
npm	lintcolor	2.5.3
npm	log4action	1.12.7
npm	logbin-nodejs	2.3.1
npm	logbin-nodejs	2.3.2
npm	metamask-api	1.0.0
npm	mongo-errorlog	1.0.0
npm	muleforge	2.9.1
npm	next-config-log	1.0.0
npm	next-log-patcher	1.0.0
npm	next-logging-patcher	1.0.0
npm	node-fetch-v3	1.0.0
npm	orbital-ledger	6.3.2
npm	pgforce	2.9.3
npm	prettier-utils	1.0.6
npm	pretty-format-setting	1.0.1
npm	pretty-format-setting	1.0.3
npm	pretty-text-formatter	1.0.1
npm	react-toast-ui	0.7.3
npm	react-toast-ui	0.7.4
npm	reactjs-fabric	6.0.11
npm	reactjs-fabric	6.0.12
npm	server-log-engine	1.0.0
npm	serverlog-dispatch	1.0.0
npm	shadeforge	2.7.4
npm	shadeforge	2.7.5
npm	socket-event-trigger	1.0.0
npm	socket-event-trigger	1.0.1

sonatype-2025-004193 | Components Impacted | Sonatype Guide | Sonatype Guide