CVE-2025-31125MEDIUM · 5.3TrackedCISA KEV

Vite · Vitejs

Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected.

Disclosed

2025-03-31

435 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
https://nvd.nist.gov/vuln/detail/CVE-2025-31125

↗ NVD ↗ CISA KEV ↗ Search analyses