VDB

GCVE-110-OSM-2025-310

GCVE-110-OSM-2025-310
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published December 23, 2025
Glassworm threat actor steganographic attack using hidden Unicode variation selectors embedded in eslint.config.js.bak. Uses invisible Unicode characters to hide malicious payloads that execute when the file is loaded. Campaign targets supply-chain via compromised repositories. Malicious payload found in: eslint.config.js.bak Attack vector: Glassworm steganographic attack using hidden Unicode variation selectors Decoder signature: 0xFE00&&w<=0xFE0F?w-0xFE00:w>=0xE0100&&w<=0xE01EF (extracts hidden commands from variation selector ranges) Behavior: Embedded JavaScript extracts malicious payloads encoded as Unicode variation selectors (U+FE00-U+FE0F, U+E0100-U+E01EF) that are invisible to human code reviewers but decoded and executed at runtime. Typically used for cryptocurrency theft and credential exfiltration.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›