CVE-2025-57754 | eslint-ban-moment is an Eslint plugin for final assignment i… | CVSS 9.8 CRITICAL

Description

eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could lead to data exfiltration, modification or deletion.

Metadata

CVE ID: CVE-2025-57754
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2025-08-19 15:16 UTC
Published: 2025-08-21 16:14 UTC
Last updated: 2025-08-21 17:31 UTC
Primary CWE: CWE-260
CWE-260: Password in Configuration File
Vendor / Product: kristoferfannar / eslint-ban-moment
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
kristoferfannar	eslint-ban-moment	—	<= 3.0.0

Weakness (CWE)

CWE	Source	Description
CWE-260	cna	CWE-260: Password in Configuration File

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

https://github.com/kristoferfannar/eslint-ban-moment/security/advisories/GHSA-2486-4cjg-pw98 https://github.com/kristoferfannar/eslint-ban-moment/security/advisories/GHSA-2486-4cjg-pw98
https://github.com/kristoferfannar/eslint-ban-moment/commit/bc2d2f9d23e6ae961a23e0d769e0722870b11108 https://github.com/kristoferfannar/eslint-ban-moment/commit/bc2d2f9d23e6ae961a23e0d769e0722870b11108