Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
Published: 2025-03-31
CVSS: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Download CVE-2025-31125 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
Check my portfolio here:
https://tlncglobal.com/poc-20-cve-2026-21877/
https://tlncglobal.com/poc-967-cve-2024-45436/
https://tlncglobal.com/poc-285-cve-2025-30004/
Taisja Laudy to jedna z najbardziej doświadczonychGallup Certified Global Strengths Coachw Polsce i Europie.