CVE-2025-31125

· Published 31/03/2025 19:15 · Modified 28/01/2026 15:52 · Author: The MITRE Corporation

Labels: CVE-2025-31125, 2025-03-31, CWE-200, [email protected]

Essential information

Published: 31/03/2025 19:15
Modified: 28/01/2026 15:52
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 5.3 MEDIUM (v3.1)
CISA KEV: Yes
CWE: CWE-200
CVSS vector: CVSS:3.1/AV:N/C:H/I:N/A:N

Description

Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
vite / frontend tooling framework | cpe:2.3:a:vite:frontend_tooling_framework:6.2.4:*:*:*:*:*:*:*
vite / frontend tooling framework | cpe:2.3:a:vite:frontend_tooling_framework:6.1.3:*:*:*:*:*:*:*
vite / frontend tooling framework | cpe:2.3:a:vite:frontend_tooling_framework:6.0.13:*:*:*:*:*:*:*
vite / frontend tooling framework | cpe:2.3:a:vite:frontend_tooling_framework:5.4.16:*:*:*:*:*:*:*
vite / frontend tooling framework | cpe:2.3:a:vite:frontend_tooling_framework:4.5.11:*:*:*:*:*:*:*

References