sonatype-2025-007652

Malicious Packages - Fri Dec 26 2025 [Info Stealer]

Published Dec 26, 2025

CVSS ScoreMedium

5.3

CVE ID: sonatype-2025-007652
CWE: N/A
CVE Description: Malicious Packages - Fri Dec 26 2025 [Info Stealer]
Published: Dec 26, 2025
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: Sonatype
References: https://help.sonatype.com/en/sonatype-malware-data.htmlTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-74.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-81.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-82.jsonTHIRD_PARTY

CVE ID: sonatype-2025-007652
CWE: N/A
CVE Description: Malicious Packages - Fri Dec 26 2025 [Info Stealer]
Published: Dec 26, 2025
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: Sonatype
References: https://help.sonatype.com/en/sonatype-malware-data.htmlTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-74.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-81.jsonTHIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-82.jsonTHIRD_PARTY

Find vulnerabilities. Fix fast with AI.