Security Advisory

CVE-2025-31125

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-31 17:06:30
Last updated 2026-01-23 16:58:37
Assigner GitHub_M
State PUBLISHED

Description

Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.