Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2

Description

Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems.

Version 2.14.

Recommendation

Update the xrpl package to the latest compatible version. Followings are version details:

• Affected version(s): **= 2.14.2

  >= 4.2.1, < 4.2.5**

• Patched version(s): **2.14.3

  4.2.5**

References

• GHSA-33qr-m49q-rxfx
• www.aikido.dev
• xrpl.org
• CVE-2025-32965
• CWE-506
• CAPEC-310
• OWASP 2021-A6

Related Issues

• DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware - CVE-2025-59037
• Prebid-universal-creative latest on npm briefly compromised - CVE-2025-59039
• Prebid.js NPM package briefly compromised - CVE-2025-59038
• Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements - CVE-2025-12758

Tags:

npm

xrpl