CVE-2025-31125
Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. This vulnerability is fixed in 6.2.4, 6.1.3,...