13 matches found
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-32395 DESCRIPTION: Vite is a frontend tooling...
Security Bulletin: Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation (CVE-2025-31125, CVE-2025-32395, CVE-2025-31486).
Summary Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation CVE-2025-31125, CVE-2025-32395, CVE-2025-31486. Vite is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address these vulnerabilities...
Exploit for CVE-2025-32395
CVE-2025-32395 CV...
CVE-2025-32395 vulnerabilities
Vulnerabilities for packages: vitess...
@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-32395 via vite (>=6.0.0 <=6.0.11)
vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...
@angular/build (>=19.2.0 <=19.2.0-rc.0), @d-zero/builder (=5.0.0-alpha.39) +38 more potentially affected by CVE-2025-32395 via vite (>=6.1.0 <=6.1.4)
vite NPM version =6.1.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...
@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +403 more potentially affected by CVE-2025-32395 via vite (>=5.0.0 <=5.4.17)
vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...
CVE-2025-32395
A flaw was found in Vite. This vulnerability allows arbitrary file access via specially crafted HTTP requests containing a character in the request URL. The issue occurs when the server is run on Node.js or Bun and exposed to the network. Improper handling of invalid request lines allows these...
CVE-2025-32395
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395
creationtimestamp| type| source ---|---|--- 2025-04-10 07:07:20+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4 2025-04-10 15:32:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta4azji2z 2025-04-10 17:52:04+00:00| seen|...