Home > Vulnerability Database > CVE-2025-31125

Mend.io Vulnerability Database

CVE-2025-31125

Good to know:

Date: March 31, 2025

Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.

Severity Score

5.3

Related Resources (5)

Url: https://github.com/vitejs/vite

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-31125

Url: https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

Url: https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

Url: https://www.mend.io/vulnerability-database/CVE-2025-31125

Severity Score

5.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version vite - 4.5.11;vite - 5.4.16;vite - 6.0.13;vite - 6.1.3;vite - 6.2.4;https://github.com/vitejs/vite.git - v4.5.11;https://github.com/vitejs/vite.git - v5.4.16;https://github.com/vitejs/vite.git - v6.0.13;https://github.com/vitejs/vite.git - v6.1.3;https://github.com/vitejs/vite.git - v6.2.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-31125

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?