Home > Vulnerability Database > CVE-2025-24010

Mend.io Vulnerability Database

CVE-2025-24010

Good to know:

Date: January 20, 2025

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

Severity Score

6.5

Related Resources (4)

Url: https://github.com/vitejs/vite

Url: https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24010

Url: https://www.mend.io/vulnerability-database/CVE-2025-24010

Severity Score

6.5

Weakness Type (CWE)

Origin Validation Error

CWE-346

Reliance on Reverse DNS Resolution for a Security-Critical Action

CWE-350

Missing Origin Validation in WebSockets

CWE-1385

Top Fix

Upgrade Version

Upgrade to version vite - 4.5.6;vite - 5.4.12;vite - 6.0.9

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24010

Good to know:

Date: January 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?