Malicious packages 260128

Author: brianm-jfrog

post/potential-rce-vulnerabilityin-openssl-cve-2025-15467.md

@@ -10,8 +10,6 @@ minutes: '5'
 
 ---
 
-# Potentially Critical RCE Vulnerability in OpenSSL \- CVE-2025-15467
-
 ![](/img/RealTimePostImage/post/openssl/image1.png)
 The JFrog Security Research team is tracking a newly disclosed OpenSSL vulnerability, CVE-2025-15467, a stack overflow issue that may lead to remote code execution (RCE). While no official CVSS score has been assigned yet, it was rated with a “high” severity by OpenSSL and based on its characteristics, we assess that it may be rated as Critical by NVD.
 
@@ -31,13 +29,13 @@ FIPS modules in 3.6, 3.5, 3.4, 3.3, and 3.0 are not affected, as the CMS impleme
 **Our research team has managed to reproduce the vulnerability** by calling the [**CMS\_Decrypt**](https://docs.openssl.org/3.2/man3/CMS_decrypt/) API directly, which means that OpenSSL applications that directly call this API are vulnerable to CVE-2025-15467.
 ![](/img/RealTimePostImage/post/openssl/image2.png)
 
-Another possible exploit can be achieved by executing the openssl CLI like that:
+Exploitation can also be achieved when applications are using the `openssl cms` CLI tool to decrypt untrusted data:
 
 ```shell
 openssl cms -decrypt -in untrusted_data.pem
 ```
 
-However \- this is only an initial assessment and more attack vectors are likely to be relevant, stay tuned as we update this blog.
+Note that this is only an initial assessment and more attack vectors are likely to be relevant, stay tuned as we update this blog.
 
 ## How to resolve CVE-2025-15467?
 

src/malicious/malicious-data.json

@@ -1,4 +1,12 @@
 [
+    {
+        "title": "chai-as-executed",
+        "description": "",
+        "date_published": "2026-01-19",
+        "platform": "npm",
+        "downloads_text": "<1k total downloads",
+        "type": "malicious"
+    },
     {
         "title": "cugraph-service-server",
         "description": "",