Detections
Analytics
Vite < 4.5.10 / 5.0.x < 5.4.15 / 6.0.x < 6.0.12 / 6.1.x < 6.1.2 / 6.2.x < 6.2.3 Arbitrary File Read
medium Web App Scanning Plugin ID 114772
Language:
Synopsis
Vite < 4.5.10 / 5.0.x < 5.4.15 / 6.0.x < 6.0.12 / 6.1.x < 6.1.2 / 6.2.x < 6.2.3 Arbitrary File ReadDescription
Vite version prior to 4.5.10, 5.0.x prior to 5.4.15, 6.0.x prior to 6.0.12, 6.1.x prior to 6.1.2 or 6.2.x prior to 6.2.3 are affected by a vulnerability allowing unauthenticated remote attackers to read arbitrary files on the affected host when the app is exposing the Vite dev server to the network.Solution
Upgrade to Vite 4.5.10, 5.4.15, 6.0.12, 6.1.2, 6.2.3 or later.See Also
https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w
Plugin Details
Severity: Medium
ID: 114772
Type: remote
Family: Component Vulnerability
Published: 4/17/2025
Updated: 4/17/2025
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2025-30208
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS Score Source: CVE-2025-30208
Vulnerability Information
CPE: cpe:2.3:a:vitejs:vite:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/24/2025
Vulnerability Publication Date: 3/20/2025
Reference Information
CVE: CVE-2025-30208
OWASP: 2010-A6, 2010-A8, 2013-A5, 2013-A7, 2013-A9, 2017-A5, 2017-A6, 2017-A9, 2021-A1, 2021-A6
WASC: Information Leakage, Insufficient Authorization
CAPEC: 116, 13, 169, 19, 22, 224, 285, 287, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 312, 313, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 441, 472, 478, 479, 497, 502, 503, 508, 536, 546, 550, 551, 552, 556, 558, 562, 563, 564, 573, 574, 575, 576, 577, 578, 59, 60, 616, 643, 646, 651, 79
DISA STIG: APSC-DV-000460, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3, sp800_53-CM-6b, sp800_53-SI-15
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-1.4.2, 4.0.2-14.2.1, 4.0.2-8.3.4