Description

Vite is a frontend build tool. This version contains an arbitrary file read vulnerability. Successful exploitation of this vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Vite

References

GitHub Security Advisory for CVE-2025-30208

GitHub Security Advisory for CVE-2025-31125

Related Vulnerabilities

MySQL CVE-2020-2577 Vulnerability (CVE-2020-2577)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1203)

MySQL CVE-2012-0114 Vulnerability (CVE-2012-0114)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5320)

Oracle Application Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

Severity

High

Classification

CVE-2025-30208 CVE-2025-31125 CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Arbitrary File Read Known Vulnerabilities