Description

Vite is a frontend build tool. This version contains an arbitrary file read vulnerability. Successful exploitation of this vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Vite

References

GitHub Security Advisory for CVE-2025-30208

GitHub Security Advisory for CVE-2025-31125

Related Vulnerabilities

MySQL CVE-2021-2354 Vulnerability (CVE-2021-2354)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37150)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10352)

MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)

Plone CMS Improper Authentication Vulnerability (CVE-2009-0662)

Severity

High

Classification

CVE-2025-30208 CVE-2025-31125 CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Arbitrary File Read Known Vulnerabilities