CVE-2025-24010

Medium CVSS: 6.5

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

Vendor

Vitejs

Product

Vite

CWE

CWE-346

Yayın Tarihi

2025-01-20 16:15:28

Güncelleme

2025-09-19 18:35:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-346 Vite MEDIUM Vitejs 2025

Referanslar

https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

Benzer Kayıtlar

Low

CVE-2025-58751

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting w…

Low

CVE-2025-58752

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files o…

Medium

CVE-2025-46565

Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the cont…

Medium

CVE-2025-31125

Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?…

Medium

CVE-2025-30208

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15,…