Loading...
CVE-2025-30208: Vite Arbitrary File Read Vulnerability

CVE-2025-30208: Vite Arbitrary File Read

Medium-severity arbitrary file read vulnerability in the Vite development server (a popular frontend build tool)

Target Information
Vulnerability Information
CVE-2025-30208: Arbitrary File Read in Vite

A medium-severity vulnerability in the Vite development server allows attackers to read arbitrary files from the server's filesystem by sending crafted requests. This can lead to exposure of sensitive files and information.

Impact
  • Arbitrary file read
  • Exposure of sensitive files (e.g., .env, package.json, etc.)
  • Potential information disclosure
Technical Details
  • Type: Arbitrary File Read
  • Component: Vite Development Server
  • CVSS: 5.3 (Medium)
Vite Affected Versions
Vulnerable
  • 6.2.0 ≤ Vite ≤ 6.2.2
  • 6.1.0 ≤ Vite ≤ 6.1.1
  • 6.0.0 ≤ Vite ≤ 6.0.11
  • 5.0.0 ≤ Vite ≤ 5.4.14
  • Vite ≤ 4.5.9
Not Vulnerable
  • Vite ≥ 6.2.3
  • 6.1.2 ≤ Vite < 6.2.0
  • 6.0.12 ≤ Vite < 6.1.0
  • 5.4.15 ≤ Vite < 6.0.0
  • 4.5.10 ≤ Vite < 5.0.0
Vite Development Server
All major versions

Frontend build tool and dev server

cpe:2.3:a:vitejs:vite:*:*:*:*:*:*:*:*
Warning
Important Notice
  • This tool is designed for security testing and vulnerability assessment purposes only
  • Do not use this tool for unauthorized access or malicious attacks
  • Always obtain proper authorization before testing any system
  • Users are responsible for their actions and must comply with applicable laws
  • This tool is provided "as is" without any warranty
Scan History
Reference: This tool and detection logic are based on the open-source project ThemeHackers/CVE-2025-30208 by ThemeHackers.