CVE-2025-57754CRITICAL 9.8EPSS p25.5%

CVE-2025-57754CVE-2025-57754

Description

eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could lead to data exfiltration, modification or deletion.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.34% probability of exploitation · percentile 25.5% · 2026-06-19T12:03:05Z
Published2025-08-21
Last modified2026-04-15

Underlying weaknesses· 1

CWE-260

References

  1. https://github.com/kristoferfannar/eslint-ban-moment/commit/bc2d2f9d23e6ae961a23e0d769e0722870b11108
  2. https://github.com/kristoferfannar/eslint-ban-moment/security/advisories/GHSA-2486-4cjg-pw98

1

TypeTargetConfidenceTier
WeaknessPassword in Configuration Filecwe-2600%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25761
CVE
CVE-2026-34427
CVE
CVE-2025-28959
CVE
CVE-2026-39918
CVE
CVE-2025-25570
CVE
CVE-2025-69293
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.