CVE-2025-59037 Overview
CVE-2025-59037 affects the DuckDB distribution for Node.js published on the npm registry. On 8 September 2025, attackers compromised the DuckDB maintainer account and published malicious versions of four DuckDB packages. The malicious code targeted cryptocurrency transactions on systems running the affected releases. DuckDB deprecated the malicious versions, coordinated with npm support to remove them, and released clean replacements with higher version numbers. The incident is classified under CWE-506: Embedded Malicious Code.
Critical Impact
Malicious code embedded in four DuckDB npm packages interfered with cryptocurrency transactions, exposing users who installed @duckdb/node-api@1.3.3, @duckdb/node-bindings@1.3.3, duckdb@1.3.3, or @duckdb/duckdb-wasm@1.29.2 to financial loss.
Affected Products
- @duckdb/node-api version 1.3.3
- @duckdb/node-bindings version 1.3.3
- duckdb version 1.3.3 and @duckdb/duckdb-wasm version 1.29.2
Discovery Timeline
- 2025-09-08 - Compromised packages published to npm by an attacker controlling DuckDB maintainer credentials
- 2025-09-09 - CVE-2025-59037 published to the National Vulnerability Database
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-59037
Vulnerability Analysis
CVE-2025-59037 is a supply chain compromise rather than a code defect in DuckDB itself. An attacker gained the ability to publish to the DuckDB npm namespace and released versions containing embedded malicious code. The malicious payload was designed to interfere with cryptocurrency transactions performed on hosts where the package was installed and executed. The same campaign affected several other popular npm packages, including debug and chalk, as documented in the Aikido analysis of the npm compromise.
According to npm download statistics referenced in the DuckDB security advisory, no downloads of the affected versions occurred before deprecation. Despite the low download count, any automated build pipeline that pinned to ^1.3.2 or similar floating ranges could have pulled the compromised release.
Root Cause
The root cause is an upstream account or token compromise on the npm registry that allowed an unauthorized party to publish under the DuckDB maintainer identity. The published artifacts contained code unrelated to DuckDB functionality, classifying the issue under CWE-506 (Embedded Malicious Code).
Attack Vector
The attack vector is network-based and requires user action to install or update the affected npm package. Once installed, the malicious code executes within the Node.js process and hooks into cryptocurrency wallet activity on the host. Refer to the DuckDB v1.3.4 release notes for the clean rebuild and the published advisory for additional context.
Detection Methods for CVE-2025-59037
Indicators of Compromise
- Presence of @duckdb/node-api@1.3.3, @duckdb/node-bindings@1.3.3, duckdb@1.3.3, or @duckdb/duckdb-wasm@1.29.2 in package-lock.json, yarn.lock, or pnpm-lock.yaml
- Outbound network connections from Node.js processes to wallet address replacement infrastructure described in the Aikido analysis
- Modified clipboard contents during cryptocurrency transactions on systems running affected builds
Detection Strategies
- Run npm ls duckdb @duckdb/node-api @duckdb/node-bindings @duckdb/duckdb-wasm recursively across all repositories and build agents to enumerate installed versions
- Audit CI/CD artifact caches and container images built between 8 and 9 September 2025 for the compromised tarballs
- Compare installed package hashes against the integrity values published in the GitHub advisory
Monitoring Recommendations
- Enable npm audit signals and dependency scanning in source control to flag installations of deprecated versions
- Monitor Node.js processes for unexpected file system access to browser profiles or wallet directories
- Log and alert on outbound DNS or HTTP requests from build servers to domains referenced in the Aikido write-up
How to Mitigate CVE-2025-59037
Immediate Actions Required
- Upgrade to duckdb@1.3.4, @duckdb/node-api@1.3.4, @duckdb/node-bindings@1.3.4, or @duckdb/duckdb-wasm@1.30.0 or higher
- Purge local and CI npm caches, then reinstall dependencies from clean lockfiles
- Rotate any credentials, API tokens, or wallet keys handled on systems that executed the compromised versions
Patch Information
DuckDB released fixed packages with version numbers higher than the compromised builds. Upgrade to 1.3.4 for duckdb, @duckdb/node-api, and @duckdb/node-bindings, and to 1.30.0 for @duckdb/duckdb-wasm. Details are available in the DuckDB Node.js v1.3.4 release.
Workarounds
- Downgrade to duckdb@1.3.2 or @duckdb/duckdb-wasm@1.29.1 if upgrading is not immediately possible
- Pin exact versions in lockfiles and disable automatic minor or patch updates for the DuckDB packages
- Use npm install --ignore-scripts in CI to reduce the impact of malicious lifecycle scripts pending verification
# Configuration example
npm uninstall duckdb @duckdb/node-api @duckdb/node-bindings @duckdb/duckdb-wasm
npm cache clean --force
npm install duckdb@1.3.4 @duckdb/node-api@1.3.4 @duckdb/node-bindings@1.3.4 @duckdb/duckdb-wasm@1.30.0
npm ls duckdb @duckdb/node-api @duckdb/node-bindings @duckdb/duckdb-wasm
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

