Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw

Summary: Vite, a popular frontend build tool, is vulnerable to a file access control bypass (CVE-2025-30208) that could expose sensitive files to attackers. This flaw allows unauthorized access through specially crafted URL parameters, affecting only applications that expose the Vite development server. Users are urged to update to patched versions to mitigate this risk.

Affected: Vite (versions 6.2.0, 6.2.2, 6.1.0, 6.1.1, 6.0.0, 6.0.11, 5.0.0, 5.4.14, and 4.5.9)

Key points:

  • Vulnerability (CVE-2025-30208) allows bypassing file system restrictions via URL parameters.
  • Applications are at risk only if they explicitly expose the Vite development server to the network.
  • Users are advised to update to patched versions (6.2.3, 6.1.2, etc.) immediately.
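
Added example (not from the article or the Vite project): a small audit helper that combines the two conditions above, an affected Vite version and a dev server exposed to the network. The version ranges are an assumed reading of the "Affected" list, `--host` and `server.host` are Vite's options for listening beyond localhost, and the function names and sample inputs are hypothetical.

```javascript
// Added example, not the article's or Vite's code. Ranges are an assumed reading of
// the article's "Affected" list: first/last affected release per line, 4.5.9 as "up to".
const AFFECTED_RANGES = [
  ['6.2.0', '6.2.2'], ['6.1.0', '6.1.1'], ['6.0.0', '6.0.11'],
  ['5.0.0', '5.4.14'], ['0.0.0', '4.5.9'],
];
const LOOPBACK = new Set(['localhost', '127.0.0.1', '::1']);

// "6.2.3-beta.1" -> [6, 2, 3]; pre-release tags are ignored.
const parse = (v) => v.replace(/^v/, '').split('-')[0].split('.').map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
};

function isAffected(version) {
  const v = parse(version);
  return AFFECTED_RANGES.some(([lo, hi]) => cmp(v, parse(lo)) >= 0 && cmp(v, parse(hi)) <= 0);
}

// Vite's server.host / --host: true or a non-loopback address listens beyond localhost.
function hostExposes(host) {
  if (host === undefined || host === false) return false;
  return host === true || !LOOPBACK.has(String(host));
}

// True when an npm script starts the dev server (not build/preview) with --host.
function scriptExposes(cmd) {
  return cmd.split(/&&|\|\||;/).some((part) => {
    const w = part.trim().split(/\s+/);
    const i = w.indexOf('vite');
    if (i === -1 || ['build', 'preview', 'optimize'].includes(w[i + 1])) return false;
    const flag = w.slice(i + 1).find((x) => x === '--host' || x.startsWith('--host='));
    if (!flag) return false;
    const next = w[w.indexOf(flag) + 1];
    const val = flag.includes('=') ? flag.split('=')[1] : next && !next.startsWith('-') ? next : true;
    return hostExposes(val);
  });
}

// Inputs come from the installed vite/package.json, the app's package.json and its Vite config.
function audit({ viteVersion, scripts = {}, serverHost }) {
  const affected = isAffected(viteVersion);
  const exposed = hostExposes(serverHost) || Object.values(scripts).some(scriptExposes);
  return { affected, exposed, atRisk: affected && exposed };
}
```

Pass the installed version (not the semver range from `package.json`), since a range such as `^6.2.0` can resolve to either an affected or a patched release.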

Source: https://securityonline.info/millions-at-risk-poc-exploit-releases-for-vite-arbitrary-file-read-flaw-cve-2025-30208/