Main Vulnerability Database Exploits ID:12729 - Exploit for Improper access control in Vite - CVE-2025-32395

ID:12729 - Exploit for Improper access control in Vite - CVE-2025-32395

Published: May 22, 2026

Vulnerability identifier: #VU125307

Vulnerability risk: Medium

CVE-ID: CVE-2025-32395

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
Vite

Link to public exploit:

https://github.com/ruiwenya/CVE-2025-32395

Vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper access control in the server.fs.deny check when handling an invalid request-target containing a # character. A remote attacker can send a specially crafted request to disclose sensitive information.

Only instances that explicitly expose the dev server to the network and run on Node or Bun are vulnerable. User interaction is required.

Remediation

Install security update from vendor's website.

ID:12729 - Exploit for Improper access control in Vite - CVE-2025-32395

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human