CNNVD-202509-1032 Information
CNNVD ID
CNNVD-202509-1032
Related CVE
- CNNVD Published: 2025-09-08
Description (Chinese)
Vite是Vite开源的一种新型的前端构建工具。 Vite 7.1.5之前版本、7.0.7之前版本、6.3.6之前版本和5.4.20之前版本存在访问控制错误漏洞,该漏洞源于显式地将Vite开发服务器暴露给网络导致任意HTML文件访问。
Description (English)
Vite is a new front-end construction tool for Vite open source. Vite 7.1.5, 7.0.7, 6.3.6 and 5.4.20 have access control error holes, which stem from the apparent exposure of the Vite development server to the network, resulting in any type of HTML file access.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
Vite
Published
2025-09-08
Last Modified
2026-02-24
References
https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6 https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3 https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea https://access.redhat.com/security/cve/cve-2025-58752
Patch
https://github.com/vitejs/vite/releases
Share on: