Home > Vulnerability Database > CVE-2025-24360

Mend.io Vulnerability Database

CVE-2025-24360

Good to know:

Date: January 24, 2025

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability.

Severity Score

5.3

Related Resources (9)

Url: https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f

Url: https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39

Url: https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263

Url: https://github.com/nuxt/nuxt/pull/23995

Url: https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

Url: https://github.com/nuxt/nuxt/security/advisories/GHSA-2452-6xj8-jh47

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24360

Url: https://github.com/nuxt/nuxt

Url: https://www.mend.io/vulnerability-database/CVE-2025-24360

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version @nuxt/vite-builder - 3.15.3

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24360

Good to know:

Date: January 24, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?