Vulnerability-Lookup

rustsec-2025-0154

Vulnerability from osv_rustsec

Published

2025-11-04 12:00

Modified

2026-03-25 08:37

Summary

`replit_ruspty` was removed from crates.io for malicious code

Details

The OpenSSF Package Analysis project identified 'replit_ruspty' @ 1.0.0 (crates.io) as malicious. Version 2.0.0 was also published with malware.

It is considered malicious because: The package communicates with a domain associated with malicious activity. The package executes one or more commands associated with malicious behavior.

This advisory is to retrospectively document this attack. The download records of the malicious crate are no longer available. The related malicious crates have been deleted.

References

URL

Type

	https://crates.io/crates/replit_ruspty	PACKAGE
	https://rustsec.org/advisories/RUSTSEC-2025-0154.html	ADVISORY
	https://github.com/ossf/malicious-packages/blob/m…	WEB

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "malicious"
        ],
        "cvss": null,
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "replit_ruspty",
        "purl": "pkg:cargo/replit_ruspty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "MAL-2025-49350"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "The OpenSSF Package Analysis project identified \u0027replit_ruspty\u0027 @ 1.0.0 (crates.io) as malicious. Version 2.0.0 was also published with malware.\n\nIt is considered malicious because: The package communicates with a domain associated with malicious activity. The package executes one or more commands associated with malicious behavior.\n\nThis advisory is to retrospectively document this attack. The download records of the malicious crate are no longer available. The related malicious crates have been deleted.",
  "id": "RUSTSEC-2025-0154",
  "modified": "2026-03-25T08:37:19Z",
  "published": "2025-11-04T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/replit_ruspty"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0154.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/crates.io/replit_ruspty/MAL-2025-49350.json"
    }
  ],
  "related": [],
  "severity": [],
  "summary": "`replit_ruspty` was removed from crates.io for malicious code"
}

mal-2025-49350

Vulnerability from ossf_malicious_packages

Published

2025-11-04 04:53

Modified

2025-11-04 04:53

Summary

Malicious code in replit_ruspty (crates.io)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (703ba59c0f40f937ba922d389d8beab406cc57110b792ed8d58ab7e8133c1712)

The OpenSSF Package Analysis project identified 'replit_ruspty' @ 1.0.0 (crates.io) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Credits

OpenSSF: Package Analysis github.com/ossf/package-analysis openssf.slack.com/channels/package_analysis

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "replit_ruspty"
      },
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "https://github.com/ossf/package-analysis",
        "https://openssf.slack.com/channels/package_analysis"
      ],
      "name": "OpenSSF: Package Analysis",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "import_time": "2025-11-04T05:07:04.458693219Z",
        "modified_time": "2025-11-04T04:53:00Z",
        "sha256": "703ba59c0f40f937ba922d389d8beab406cc57110b792ed8d58ab7e8133c1712",
        "source": "ossf-package-analysis",
        "versions": [
          "1.0.0"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (703ba59c0f40f937ba922d389d8beab406cc57110b792ed8d58ab7e8133c1712)\nThe OpenSSF Package Analysis project identified \u0027replit_ruspty\u0027 @ 1.0.0 (crates.io) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
  "id": "MAL-2025-49350",
  "modified": "2025-11-04T04:53:00Z",
  "published": "2025-11-04T04:53:00Z",
  "schema_version": "1.5.0",
  "summary": "Malicious code in replit_ruspty (crates.io)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted