What is CVE-2025-31125?

A medium-severity vulnerability in Vitejs exposes sensitive files when the Vite dev server is configured improperly. Immediate action is required to mitigate risks associated with this issue.

What is the severity of CVE-2025-31125?

CVE-2025-31125 has a severity rating of MEDIUM with a CVSS base score of 5.3.

Is CVE-2025-31125 in CISA KEV?

Yes. CVE-2025-31125 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2025-31125 | Medium Vulnerability in Vitejs Vite

This vulnerability allows Vitejs to expose content of non-allowed files through specific query parameters, impacting only those applications that expose the Vite development server to the network. With a CVSS score of 5.3, organizations should evaluate their configurations, particularly if they have enabled the server host option. The urgency for defenders is high; organizations should address this in their priority patch cycle.

Risk to organizations includes unauthorized access to sensitive files, which could lead to data breaches or unauthorized information disclosure. The vulnerability was published on March 31, 2025, and has been confirmed to have exploitability, necessitating immediate attention.

Organizations that utilize Vitejs should immediately check their configurations against the fixed versions, which are 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11. Failure to patch could expose them to significant risks, especially if the server is publicly accessible.

For detailed insights on the vulnerability, organizations can refer to the penetration testing methodology and assess their exposure accordingly.

Vulnerability Details

Vite is a frontend tooling framework for JavaScript. The vulnerability is classified under CWE-200 (Information Exposure) and CWE-284 (Improper Access Control). This vulnerability is critical for those who have exposed the Vite dev server to the network, as it allows unauthorized access to sensitive files.

The CVSS score of 5.3 indicates a medium severity, with a high attack complexity due to the requirement for user interaction. The vulnerability specifically affects the Vite framework versions prior to the aforementioned patches.

Technical Analysis

The root cause of this vulnerability stems from the way Vite handles file access controls when using certain query parameters. When applications expose the Vite dev server to the network, they risk allowing unauthorized access to sensitive files via crafted requests.

This vulnerability can be exploited over the network, requiring no privileges and necessitating user interaction to trigger the exposure of sensitive content. As such, the confidentiality impact is high, while integrity and availability impacts remain unaffected.

Risk & Impact Analysis

Real-world deployment risks associated with this vulnerability can lead to significant data breaches, especially if the application is publicly accessible. The blast radius potential is considerable for organizations using Vitejs without proper configurations, as sensitive files may be exposed.

Given the CVSS score and its classification in the KEV catalog, organizations should prioritize this vulnerability within their patch management processes.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected versions of Vite include all versions prior to vendor patch, specifically those before 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.

Mitigation & Remediation

Organizations should prioritize upgrading to the latest patched versions of Vite. If immediate patching is not possible, consider implementing access controls to restrict exposure of the Vite dev server to the network. Regularly review your configurations against the recommended best practices for application security.

Further guidance can be found in our application security assessment resources.

Detection Guidance

Organizations should monitor logs for any unusual access patterns, particularly requests that utilize the ?inline&import or ?raw?import query parameters. Behavioral anomalies should be investigated promptly to ensure no unauthorized access has occurred.

AppSecure Threat Intelligence Insight

This vulnerability underlines the importance of secure configuration management for development frameworks. Security teams should take this incident as a lesson to regularly review and audit their configurations against known vulnerabilities. For further reading on similar security issues, you may find our red teaming services insightful.

Additionally, organizations are encouraged to engage in proactive security testing to identify and mitigate vulnerabilities before they can be exploited. For more details, please refer to our penetration testing services to understand potential risks better.

As this vulnerability evolves, continuous monitoring of the security landscape will equip organizations with the knowledge necessary to maintain robust defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-31125: Medium Vulnerability in Vitejs Vite