CNNVD-202509-2680 Information

CNNVD ID

CNNVD-202509-2680

Related CVE

CVE-2025-59414

• CNNVD Published: 2025-09-17

Description (Chinese)

Nuxt是Nuxt开源的一个免费的开源框架。 Nuxt 3.19.0之前版本和4.1.0之前版本存在路径遍历漏洞，该漏洞源于客户端有效载荷恢复机制存在路径遍历问题，可能导致攻击者操控客户端请求。

Description (English)

Nuxt is a free open source framework for Nuxt open source. Before Nuxt 3.19.0 and before 4.1.0, there was a routing gap, which stemmed from the routing problem of the client payload restoration mechanism, which could lead to the attacker manipulating the client request.

Hazard Level

Critical

Vulnerability Type

路径遍历

Affected Vendor

恩智浦半导体

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/nuxt/nuxt/commit/2566d2046bccb158d98fb13e42ce4b2c33fb2595 https://github.com/nuxt/nuxt/security/advisories/GHSA-p6jq-8vc4-79f6

Patch

https://github.com/nuxt/nuxt/releases