SB2025033118 - Information disclosure in Vite
Published: March 31, 2025 Updated: September 12, 2025
Security Bulletin ID
SB2025033118
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2025-30208)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the contents of arbitrary files can be returned to the browser. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4
- https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c
- https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41
- https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca
- https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1
- https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w