CVE-2025-57754
Published: 21 August 2025
Summary
CVE-2025-57754 is a critical-severity Password in Configuration File (CWE-260) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, ranked at the 29.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25477
Vulnerability details
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control…
more
over database and user data. This could lead to data exfiltration, modification or deletion.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.