CNNVD-202509-1033 Information

Sep 08, 2025 cve

CNNVD ID

CNNVD-202509-1033

CVE-2025-58751

  • CNNVD Published: 2025-09-08

Description (Chinese)

Vite是Vite开源的一种新型的前端构建工具。 Vite 7.1.5、7.0.7、6.3.6和5.4.20之前版本存在访问控制错误漏洞,该漏洞源于绕过server.fs设置的文件访问。

Description (English)

Vite is a new front-end construction tool for Vite open source. Vite 7.1.5, 7.0.7, 6.3.6 and 5.4.20 had access control error holes, which originated from document access that bypassed the server.fs settings.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

Vite

Published

2025-09-08

Last Modified

2026-02-24

References

https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069 https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0 https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c https://access.redhat.com/security/cve/cve-2025-58751

Patch

https://github.com/vitejs/vite/releases

Share on: