icon

We found results for “

CVE-2025-24010

Good to know:

icon

Date: January 20, 2025

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

Severity Score

Severity Score

Weakness Type (CWE)

Origin Validation Error

CWE-346

Reliance on Reverse DNS Resolution for a Security-Critical Action

CWE-350

Missing Origin Validation in WebSockets

CWE-1385

Top Fix

icon

Upgrade Version

Upgrade to version vite - 4.5.6;vite - 5.4.12;vite - 6.0.9

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us