webpack-dev-server users' source code may be stolen when they access a malicious web site

🗓️ 04 Sep 2025 04:45:07Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 2 Views

A flaw in webpack dev server could allow attackers on a malicious site to steal users' source code.

Reporter	Title	Published	Views	Family All 27
IBM Security Bulletins	Security Bulletin: IBM QRadar Log Source Management app for IBM QRadar SIEM includes components with known vulnerabilities	15 Aug 202514:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server	17 Dec 202510:46	–	ibm
IBM Security Bulletins	Security Bulletin: Source Code Exposure Vulnerability in webpack-dev-server (Fixed in Version 5.2.1) affects watsonx.data	4 Mar 202615:30	–	ibm
Chainguard	CVE-2025-30359 vulnerabilities	2 Jul 202501:16	–	cgr
Circl	CVE-2025-30359	3 Jun 202515:55	–	circl
CNNVD	webpack-dev-server 安全漏洞	3 Jun 202500:00	–	cnnvd
CVE	CVE-2025-30359	3 Jun 202517:39	–	cve
Cvelist	CVE-2025-30359 webpack-dev-server users' source code may be stolen when they access a malicious web site	3 Jun 202517:39	–	cvelist
EUVD	EUVD-2025-16767	3 Oct 202520:07	–	euvd
Github Security Blog	webpack-dev-server users' source code may be stolen when they access a malicious web site	4 Jun 202521:09	–	github

04 Sep 2025 04:45Current

7High risk

Vulners AI Score7

CVSS 3.15.3 - 5.9

EPSS0.00427

SSVC

webpack dev server source code theft malicious website security vulnerability