@kvytech/medusa-plugin-product-reviews

MAL-2025-190746

npmmalware11/24/2025
Description

Malicious code in @kvytech/medusa-plugin-product-reviews (npm)

Indicators of Compromise
SHA256 Hashes (4)
abc7d22a0d7983f35edb450765f42de591e8883da0b9a6ed8b5f69b5f754c164
1e7d8c065be2eaeb4187aed0dbe61de9f0f0ee2b51d61330d9211866dff01504
46977680b8249c90d6c0054789dc0835e05c3030ca3670aa706b6265b5beb59d
5417b018a27faf8550b3f908ca2d3ef2a6f5be6c2bb78118c5e49255bdcea841
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-qjqx-mr3f-4f4v
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001