Malware Payload in Backslash Package Affects npm Users and Cryptocurrency Transactions
CVE-2025-59140

8.8HIGH

Key Information:

Vendor

Qix-

Status
Node-backslash
Vendor
CVE Published:
15 September 2025

What is CVE-2025-59140?

The Backslash package faced a security breach when its npm account was compromised, leading to the release of version 0.2.1 which included a malicious payload. This malware specifically targets cryptocurrency transactions, attempting to reroute funds from wallets like MetaMask. Users are advised to upgrade to version 0.2.2, fully clear their node_modules directory, and rebuild any browser bundles to ensure the removal of this threat. The npm registry has since removed the malicious version to prevent further distribution.

Affected Version(s)

node-backslash = 0.2.1

References

https://github.com/Qix-/node-backslash/security/advisorie...
x_refsource_CONFIRM
https://github.com/debug-js/debug/issues/1005
x_refsource_MISC
https://socket.dev/blog/npm-author-qix-compromised-in-maj...
x_refsource_MISC

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-59140 : Malware Payload in Backslash Package Affects npm Users and Cryptocurrency Transactions