- Description
- Vite is a frontend tooling framework for JavaScript. Vite exposes the contents of non-allowed files when a request uses ?inline&import or ?raw?import. Only apps that explicitly expose the Vite dev server to the network (using --host or the server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 3.6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-200
Nuclei CVE-2025-31125 POC GET /etc/passwd?import&?inline=1.wasm?init GET /C://windows/win.ini?import&?inline=1.wasm?init fofa-query: body="/@vite/client" https://t.co/0BkUKm8B2s
@kala14254511439
1 Apr 2025
#CVE-2025-31125 Vite New Bypass Reproduced on 6.2.1 https://t.co/3TpIJLLY9c https://t.co/PrPbgMb00I
@_r00tuser
1 Apr 2025
CVE-2025-31125 the new bypass of vite file read https://t.co/g12bQj23I0
@sirifu4k1
1 Apr 2025
CVE-2025-31125 Information Disclosure Vulnerability in Vite JavaScript Framework Affecting Network-Exposed Servers https://t.co/6ZxYDy1hKh
@VulmonFeeds
31 Mar 2025
CVE-2025-31125 Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the … https://t.co/VxjCQGC5wz
@CVEnew
31 Mar 2025