CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

CVE-2025-58752

Vite CVE-2025-58752 affects the dev and preview servers when exposed on the network: HTML files on the local machine could be served despite server.fs settings, depending on app exposure and appType configuration. Affected versions are <7.1.5, <7.0.7, <6.3.6, and