Cross-Site Scripting Vulnerability in Nuxt DevTools by Vercel
CVE-2025-52662

6.9MEDIUM

Key Information:

Vendor: Vercel
Status: Nuxt Devtools
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-52662?

A vulnerability in Nuxt DevTools allowed for the extraction of Nuxt authentication tokens through Cross-Site Scripting (XSS) under specific configurations. This issue has been addressed in version 2.6.4, and users are urged to upgrade their installations to maintain the integrity of their applications. For more information, visit the official changelog.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nuxt Devtools 2.6.3

References

https://github.com/nuxt/devtools/commit/7cadbbe9

https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-d...

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Jun 18, 2025

JSON

Vercel