sonatype-2025-004486

Malicious Packages - Fri Nov 07 2025 [Dropper] [Lazarus]

Published Nov 9, 2025

CVSS ScoreHigh

8.7

CVE ID: sonatype-2025-004486
CWE: N/A
CVE Description: Malicious Packages - Fri Nov 07 2025 [Dropper] [Lazarus]
Published: Nov 9, 2025
CVSS Score & Severity: 8.7High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score: 0%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: Sonatype
References: https://help.sonatype.com/en/sonatype-malware-data.htmlTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-190504.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-190627.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-55022.jsonTHIRD_PARTY

CVE ID: sonatype-2025-004486
CWE: N/A
CVE Description: Malicious Packages - Fri Nov 07 2025 [Dropper] [Lazarus]
Published: Nov 9, 2025
CVSS Score & Severity: 8.7High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score: 0%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: Sonatype
References: https://help.sonatype.com/en/sonatype-malware-data.htmlTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-190504.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-190627.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-55022.jsonTHIRD_PARTY

Find vulnerabilities. Fix fast with AI.