#VU106265 Information disclosure in Vite - CVE-2025-30208
Published: March 31, 2025 / Updated: September 12, 2025
Vulnerability identifier: #VU106265
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2025-30208
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Vite
Vite
Software vendor:
Vite
Vite
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the contents of arbitrary files can be returned to the browser. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.
External links
- https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4
- https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c
- https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41
- https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca
- https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1
- https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w