Security Advisory

CVE-2025-56647

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-12 00:00:00

Last updated 2026-02-12 16:45:37

Assigner mitre

State PUBLISHED

Description

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leaked by the WebSocket server.

← Browse all CVEs View on cve.org ↗