Home > Vulnerability Database > CVE-2025-56648

Mend.io Vulnerability Database

CVE-2025-56648

Good to know:

Date: September 16, 2025

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/parcel-bundler/parcel/discussions/10089

Url: https://github.com/parcel-bundler/parcel/pull/10138

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-56648

Url: https://github.com/parcel-bundler/parcel/issues/10216

Url: https://gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8

Url: https://github.com/parcel-bundler/parcel

Url: https://www.mend.io/vulnerability-database/CVE-2025-56648

Severity Score

6.5

Weakness Type (CWE)

Origin Validation Error

CWE-346

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-56648

Good to know:

Date: September 16, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?