top of page
perceptive_background_267k.jpg

Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitl…

Published:

22 januari 2026 om 00:00:00

Alert date:

22 januari 2026 om 19:05:46

Source:

cisa.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

CVE-2025-31125 is an improper access control vulnerability in Vite Vitejs that allows unauthorized access to non-allowed files through the ?inline&import or ?raw?import parameters. The vulnerability only affects applications that explicitly expose the Vite development server to the network using --host or server.host configuration options. This is an open-source component vulnerability that could potentially impact multiple products using the Vite development server. The vulnerability has been addressed in a GitHub commit and is documented in the National Vulnerability Database.

Technical details

Mitigation steps:

Affected products:

Vite

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-31125
https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page